Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

php-fusion php-fusion 7.02.03 vulnerabilities and exploits

(subscribe to this query)
5
CVSSv2
CVE-2013-1807
PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Php-fusion Php-fusionPhp-fusion Php-fusion 7.02.02Php-fusion Php-fusion 7.02.01Php-fusion Php-fusion 7.02.04Php-fusion Php-fusion 7.02.03
7.5
CVSSv2
CVE-2013-1803
Multiple SQL injection vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) ...
Php-fusion Php-fusionPhp-fusion Php-fusion 7.02.01Php-fusion Php-fusion 7.02.04Php-fusion Php-fusion 7.02.03Php-fusion Php-fusion 7.02.02
4.3
CVSSv2
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitra...
Php-fusion Php-fusion 7.02.04Php-fusion Php-fusion 7.02.02Php-fusion Php-fusionPhp-fusion Php-fusion 7.02.01Php-fusion Php-fusion 7.02.03
6.5
CVSSv2
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files...
Php-fusion Php-fusionPhp-fusion Php-fusion 7.02.03Php-fusion Php-fusion 7.02.02Php-fusion Php-fusion 7.02.04Php-fusion Php-fusion 7.02.01
7.5
CVSSv2
CVE-2013-7375
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 up to and including 7.02.05 allows remote malicious users to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
Php-fusion Php-fusion 7.02.02Php-fusion Php-fusion 7.02.03Php-fusion Php-fusion 7.02.01Php-fusion Php-fusion 7.02.04Php-fusion Php-fusion 7.02.05
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-34377CVE-2024-20859CVE-2023-49606injectarbitrary CVE-2024-33788CVE-2024-30973IDORCVE-2024-33907
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook