PHPFusion Multiple SQL Injection Vulnerabilities - CVE-2014-8596 - Vulnerability Database

PHPFusion Multiple SQL Injection Vulnerabilities - CVE-2014-8596

High

Reference: CVE-2014-8596

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2014-8596

Title: PHPFusion Multiple SQL Injection Vulnerabilities

Overview:

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.