Vulmon
phpfox phpfox vulnerabilities and exploits
9.8
CVSSv3
CVE-2023-46817
An issue exists in phpFox prior to 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated malicious users to inject arbitrary PH...
Phpfox Phpfox
NA
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
NA
CVE-2022-34561
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
NA
CVE-2022-34562
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
NA
CVE-2014-8469
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox prior to 4 Beta allows remote malicious users to inject arbitrary web script or HTML via the User-Agent header.
Moxi9 Phpfox
1 EDB exploit
1 Github repository
NA
CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.5
Phpfox Phpfox 3.7.3
1 EDB exploit
1 Github repository
NA
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.3
1 Github repository
NA
CVE-2013-5121
SQL injection vulnerability in PHPFox prior to 3.6.0 (build6) allows remote malicious users to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2013-5120
SQL injection vulnerability in PHPFox prior to 3.6.0 (build4) allows remote malicious users to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2012-1300
phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.
1 EDB exploit