CVE-2005-3161 Information

Description

Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.

Reference

http://secunia.com/advisories/17055 http://secunia.com/secunia_research/2005-52/advisory/ http://securityreason.com/securityalert/54 http://www.osvdb.org/19866 http://www.osvdb.org/19867 http://www.php-fusion.co.uk/news.php?readmore=261 http://www.securityfocus.com/bid/15018 https://exchange.xforce.ibmcloud.com/vulnerabilities/22532