CVE-2005-3157
published 2005-10-06
Priority P3 40 · high · 7.5 CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS 3.63% · 88.1th percentile
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | php-fusion | — | — |
| php-fusion | php-fusion | — | — |
| php_fusion | php_fusion | — | — |
| php_fusion | php_fusion | — | — |
| php_fusion | php_fusion | — | — |
GHSA
GHSA-fjxc-vq87-fmhx: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-5335 [HIGH] CWE-89 GHSA-fjxc-vq87-fmhx: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
GHSA
GHSA-r3p5-262x-676f: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3157 [HIGH] GHSA-r3p5-262x-676f: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
GHSA
GHSA-qvr9-gqvh-83cj: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3158 [HIGH] GHSA-qvr9-gqvh-83cj: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.
GHSA
GHSA-398j-37xh-xw92: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3159 [HIGH] GHSA-398j-37xh-xw92: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112793982604963&w=2
http://rgod.altervista.org/phpfusion600109.html
http://secunia.com/advisories/16994
http://www.php-fusion.co.uk/news.php?readmore=259