CVE-2005-3159
Published 2005-10-06
Priority P337 · high · 7.5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.16% (63.3th percentile)
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | php-fusion | — | — |
| php-fusion | php-fusion | — | — |
| php_fusion | php_fusion | — | — |
| php_fusion | php_fusion | — | — |
| php_fusion | php_fusion | — | — |
GHSA
GHSA-fjxc-vq87-fmhx: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-17·CVSS 7.5
CVE-2008-5335 [HIGH] CWE-89 GHSA-fjxc-vq87-fmhx: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
GHSA
GHSA-r3p5-262x-676f: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3157 [HIGH] GHSA-r3p5-262x-676f: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
GHSA
GHSA-qvr9-gqvh-83cj: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3158 [HIGH] GHSA-qvr9-gqvh-83cj: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.
GHSA
GHSA-398j-37xh-xw92: SQL injection vulnerability in messages
ghsa_unreviewed·2022-05-01·CVSS 7.5
CVE-2005-3159 [HIGH] GHSA-398j-37xh-xw92: SQL injection vulnerability in messages
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
No detection rules found.
No writeups or analysis indexed.
http://marc.info/?l=bugtraq&m=112811077320676&w=2
http://www.osvdb.org/18708
http://www.s4a.cc/forum/archive/index.php/t-3585.html
http://www.securityfocus.com/bid/14489