Security Advisory

CVE-2020-12461

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-04-29 16:14:26

Last updated 2024-08-04 11:56:52

Assigner mitre

State PUBLISHED

Description

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.

← Browse all CVEs View on cve.org ↗