Vulnerability in Private Messages
Posted by Falk on 09/30/2005

---

Following a Secunia advisory (PHPFusion "msg_send" SQL Injection Vulnerability) I have released an updated messages.php script for existing PHPFusion v6.00.1xx setups.

Input passed to the "msg_send" parameter in "messages.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

The sourceforge package has been updated to include the above fix.
Download Messages Security Patch (10Kb).

Updated The fix did not account for the $msg_send variable being blank therefore preventing the use of the write new message button. This has now been rectified. Sorry for any inconvenience caused.