SB2020050730 - Multiple vulnerabilities in PHP-Fusion
Published: May 7, 2020 Updated: August 8, 2020
Description
This security bulletin contains information about 4 security vulnerabilities.
1) SQL injection (CVE-ID: CVE-2020-14960)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete, or modify data in the database and gain complete control over the affected application.
2) Cross-site scripting (CVE-ID: CVE-2020-12718)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can permanently inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
3) Cross-site scripting (CVE-ID: CVE-2020-12706)
The vulnerability allows a remote authenticated user to read and manipulate data.
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php.
4) Cross-site scripting (CVE-ID: CVE-2020-12708)
The vulnerability allows a remote non-authenticated attacker to read and manipulate data.
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Remediation
Cybersecurity Help is not aware of any official remediation provided by the vendor.
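With no official fix listed, access logs can be reviewed for requests that put markup into the parameters named in items 3 and 4. The following is an added example, not code from this bulletin or from PHP-Fusion; it assumes combined-format access logs, a numeric `cat_id`, and a made-up `/cms/` install prefix in the constructed sample lines.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script path (as named in the bulletin) -> query parameter reported as injectable.
WATCHED = {
    "faq/faq_admin.php": "go",
    "shoutbox_panel/shoutbox_admin.php": "go",
    "downloads/downloads.php": "cat_id",
    "article.php": "cat_id",
}
MARKUP = re.compile(r"[<>\"'`]")  # characters that let a value break out of HTML context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious(param, value):
    # Assumption: cat_id is a numeric id and go is a plain token without markup.
    if param == "cat_id":
        return not (value.isascii() and value.isdigit())
    return bool(MARKUP.search(value))

def scan(lines):
    """Return (line_no, path, param, decoded_value) for every flagged request."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        for script, param in WATCHED.items():
            if not url.path.endswith("/" + script):
                continue
            # parse_qs percent-decodes, so URL-encoded markup is seen in clear form
            for value in parse_qs(url.query).get(param, []):
                if suspicious(param, value):
                    hits.append((line_no, url.path, param, value))
    return hits

# Constructed access-log lines; the /cms/ prefix and all values are made up.
SAMPLE = [
    '198.51.100.7 - - [07/May/2020:10:00:01 +0000] "GET /cms/downloads/downloads.php?cat_id=3 HTTP/1.1" 200 512',
    '198.51.100.7 - - [07/May/2020:10:00:02 +0000] "GET /cms/downloads/downloads.php?cat_id=3%22%3E%3Cb%3Ex HTTP/1.1" 200 512',
    '198.51.100.9 - - [07/May/2020:10:00:03 +0000] "GET /cms/faq/faq_admin.php?go=next HTTP/1.1" 200 734',
    '198.51.100.9 - - [07/May/2020:10:00:04 +0000] "GET /cms/faq/faq_admin.php?go=%3Cb%3Ex%3C%2Fb%3E HTTP/1.1" 200 734',
    '198.51.100.9 - - [07/May/2020:10:00:05 +0000] "GET /cms/index.php?cat_id=%3Cb%3E HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Only query strings are inspected; values sent in a POST body do not appear in a standard access log and need a different data source.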
References
- https://github.com/php-fusion/PHP-Fusion/commit/b3bde37f60e96f1a8ddd1439658307b28be77db5
- https://github.com/php-fusion/PHP-Fusion/issues/2327
- https://www.exploit-db.com/exploits/48487
- https://github.com/php-fusion/PHP-Fusion/issues/2309
- https://github.com/php-fusion/PHP-Fusion/commit/67273e546642d39451858a47296957807c9abd5f
- https://github.com/php-fusion/PHP-Fusion/issues/2306
- https://www.exploit-db.com/exploits/48404
- https://github.com/php-fusion/PHP-Fusion/issues/2310