phpfox phpfox vulnerabilities and exploits
NA
CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.5
Phpfox Phpfox 3.7.3
1 EDB exploit
1 Github repository
NA
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.3
1 Github repository
NA
CVE-2006-2631
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
Phpfox Phpfox
9.8
CVSSv3
CVE-2023-46817
An issue exists in phpFox prior to 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated malicious users to inject arbitrary PH...
Phpfox Phpfox
NA
CVE-2009-0969
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote malicious users to hijack the authentication of administrators for requests that change the email address via the act[update] action.
Phpfox Phpfox 1.6.2.1
NA
CVE-2013-5121
SQL injection vulnerability in PHPFox prior to 3.6.0 (build6) allows remote malicious users to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2013-5120
SQL injection vulnerability in PHPFox prior to 3.6.0 (build4) allows remote malicious users to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2014-8469
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox prior to 4 Beta allows remote malicious users to inject arbitrary web script or HTML via the User-Agent header.
Moxi9 Phpfox
1 EDB exploit
1 Github repository
NA
CVE-2012-1300
phpFox versions 3.0.1 and below are affected by a remote command execution exploit that leverages ajax.php.
1 EDB exploit
NA
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.