CVE-2005-3159
Description
SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
SQL injection in PHP-Fusion v6.00.109 messages.php via msg_view parameter allows remote unauthenticated attackers to execute arbitrary SQL commands.
Vulnerability
The vulnerability resides in messages.php of PHP-Fusion version 6.00.109. The msg_view parameter is insufficiently sanitized, enabling SQL injection. This issue is distinct from other SQL injection points reported for the same file (such as msg_send, pm_email_notify, and pm_save_sent) [1].
Exploitation
An attacker needs only network access to the vulnerable PHP-Fusion installation; no authentication is required. By crafting a malicious HTTP request to messages.php with a specially formed msg_view parameter (e.g., msg_view=' UNION SELECT ...), the attacker can inject arbitrary SQL commands [1]. No user interaction is necessary.
Impact
Successful exploitation allows the attacker to execute arbitrary SQL statements against the backend database. This can lead to disclosure of sensitive information such as user credentials and administrator passwords, and potentially complete compromise of the application and its data [1].
Mitigation
The vendor was reportedly aware of this issue and had likely fixed it before the disclosure in September 2005 [1]. Users should upgrade to the latest available version of PHP-Fusion. No explicit fixed version is documented in the provided reference. If upgrading is not immediately possible, input sanitization for the msg_view parameter should be enforced or access to messages.php restricted. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 1
Patches: 0 (no patches discovered yet)
References (4)
- www.securityfocus.com/bid/14489 (nvd; Exploit)
- www.s4a.cc/forum/archive/index.php/t-3585.html (nvd; Vendor Advisory; URL Repurposed)
- marc.info (nvd)
- www.osvdb.org/18708 (nvd)