oss-sec mailing list archives
CVE request: PHP-Fusion waraxe-2013-SA#097
From: Henri Salo <henri () nerv fi>
Date: Sun, 3 Mar 2013 02:02:20 +0200
Hello list, Can I get CVEs for vulnerabilities fixed in PHP-Fusion version 7.02.06, thanks. http://www.waraxe.us/advisory-97.html waraxe-2013-SA#097 OSVDB ID title 90714 PHP-Fusion /downloads.php orderby Parameter SQL Injection 90713 PHP-Fusion /forum/postedit.php delete_attach_* Parameter SQL Injection 90712 PHP-Fusion /forum/postnewthread.php poll_opts Parameter SQL Injection 90711 PHP-Fusion /administration/settings_messages.php Multiple Parameter SQL Injection 90710 PHP-Fusion /administration/settings_photo.php Multiple Parameter SQL Injection 90709 PHP-Fusion /administration/bbcodes.php enable Parameter SQL Injection 90708 PHP-Fusion /forum/viewthread.php highlight Parameter XSS 90707 PHP-Fusion /messages.php Multiple Parameter XSS 90706 PHP-Fusion /infusions/shoutbox_panel/shoutbox_admin.php message Parameter XSS 90705 PHP-Fusion /administration/news.php message Parameter XSS 90704 PHP-Fusion /administration/panel_editor.php panel_list Parameter XSS 90703 PHP-Fusion /administration/phpinfo.php User-Agent HTTP Header XSS 90702 PHP-Fusion /administration/bbcodes.php __BBCODE__ Parameter XSS 90701 PHP-Fusion /administration/article_cats.php Multiple Parameter XSS 90700 PHP-Fusion /administration/download_cats.php Multiple Parameter XSS 90699 PHP-Fusion /administration/news_cats.php Multiple Parameter XSS 90698 PHP-Fusion /administration/weblink_cats.php Multiple Parameter XSS 90697 PHP-Fusion /administration/articles.php Multiple Parameter XSS 90696 PHP-Fusion /administration/db_backup.php file Parameter Traversal Arbitrary File Deletion 90695 PHP-Fusion /administration/news.php Multiple Parameter SQL Injection 90694 PHP-Fusion /maincore.php user_theme Parameter Traversal Local File Inclusion 90693 PHP-Fusion /administration/articles.php article_id Parameter SQL Injection 90692 PHP-Fusion /administration/user_fields.php enable Parameter Traversal Local File Inclusion 90691 PHP-Fusion /administration/db_backup.php Database Backup Direct Request Information Disclosure 90359 PHP-Fusion includes/classes/Authenticate.class.php Multiple Cookie SQL Injection -- Henri Salo
Attachment:
signature.asc
Description: Digital signature
Current thread:
- CVE request: PHP-Fusion waraxe-2013-SA#097 Henri Salo (Mar 02)
- Re: CVE request: PHP-Fusion waraxe-2013-SA#097 Kurt Seifried (Mar 02)