Title: e-Zone Media FuseTalk Form Input Validation Vulnerability
Severity: HIGH
Description:
e-Zone Media FuseTalk is a web-based forum package that allows users to build interactive communities.
FuseTalk by default does not appear to validate or sanitize any input entered into its sign-up forms. The join.cfm form, which submits new user information to the user database accepts SQL queries as part of input data. The form then executes the SQL query upon the SQL database it accesses.
In this manner, a malicious user could potentially create or delete users in the database by entering form data followed by a semi-colon and an SQL query.
Affected Products:
- e-Zone Media Inc. FuseTalk 2.0.0
- e-Zone Media Inc. FuseTalk 3.0.0
References:
- e-Zone Media: FuseTalk
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
