Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Jun 16, 2026
CVE-2004-2437
CVE-2004-2437
Description
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2cpe:2.3:a:php_fusion:php_fusion:4.01:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:php_fusion:php_fusion:4.01:*:*:*:*:*:*:*
- (no CPE)range: = 4.01
Patches
Vulnerability mechanics
References
5News mentions
0No linked articles in our index yet.