VYPR
Unrated severityNVD Advisory· Published Apr 29, 2020· Updated Aug 4, 2024

CVE-2020-12461

CVE-2020-12461

Description

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.

Affected products

2

Patches

Vulnerability mechanics

References

5

News mentions

0

No linked articles in our index yet.