FusionBB 0.x - Multiple Input Validation Vulnerabilities

EDB-ID:

25819

CVE:





Platform:

PHP

Date:

2005-06-13


source: https://www.securityfocus.com/bid/13939/info

FusionBB is affected by multiple vulnerabilities. These issues arise due to a failure of the application to properly sanitize user-supplied input.

The following specific vulnerabilities were identified:

The application is affected by a local file include vulnerability. The attacker may leverage this issue to execute arbitrary server-side script code that resides on an affected computer with the privileges of the Web server process. This may potentially facilitate unauthorized access.

FusionBB is prone to multiple SQL injection vulnerabilities as well. These vulnerabilities could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation. 

Cookie: bb_session_id=' or user_id = '1; bb_uid=1;