Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion 7.02.04 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2012-6043
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote malicious users to inject arbitrary web script or HTML via the cat_id parameter.
Php-fusion Php-fusion 7.02.04
1 EDB exploit
NA
CVE-2013-1803
Multiple SQL injection vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary SQL commands via a (2) ...
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.02
1 EDB exploit
NA
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitra...
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.03
1 EDB exploit
NA
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files...
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.01
1 EDB exploit
NA
CVE-2013-1807
PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.03
1 EDB exploit
NA
CVE-2013-7375
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 up to and including 7.02.05 allows remote malicious users to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.05
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injection
CVE-2006-4304
CVE-2023-26603
CVE-2024-28327
CVE-2023-50363
CVE-2024-21905
template injection
CVE-2024-3400
cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started