Secunia

TheGreatOne2176 has reported some vulnerabilities in PHP-Fusion, which can be exploited by malicious people to disclose sensitive information and by malicious users to conduct script insertion attacks.

1) An error in "forum_search.php" when handling multiple search words can be exploited to disclose the subjects of posts in protected forums by supplying a specially crafted search query.

The vulnerability has been confirmed in version 4.01. Other versions may also be affected.

2) An error in the restriction of threads in protected forums in "viewthread.php" can be exploited to disclose the contents of arbitrary posts in protected forums by supplying an invalid "forum_id" and "forum_cat" parameter and a valid "thread_id" parameter.

The vulnerability can in combination with vulnerability 1 be exploited to find and disclose arbitrary protected forum posts.

The vulnerability has been confirmed in version 4.01. Other versions may also be affected.

3) Input passed to the "Brief", "Description", "Article" and "Name" fields in "submit_article.php" is not properly sanitised before being used. This can be exploited to inject arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious user data is viewed.

The vulnerability has been reported in version 4.x.

Solution
Edit the source code to ensure that the SQL code for search queries is correctly built and that input is properly validated.

Provided and/or discovered by
TheGreatOne2176, ReaperCore.

Changelog
Further details available in Customer Area

Deep Links
Links available in Customer Area