phpfox phpfox vulnerabilities and exploits
NA
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
NA
CVE-2022-34561
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
NA
CVE-2022-34562
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
CVSSv3: 9.8
CVE-2023-46817
An issue exists in phpFox prior to 4.8.14. The url request parameter passed to the /core/redirect route is not properly sanitized before being used in a call to the unserialize() PHP function. This can be exploited by remote, unauthenticated malicious users to inject arbitrary PH...
Phpfox Phpfox
NA
CVE-2014-8469
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox prior to 4 Beta allows remote malicious users to inject arbitrary web script or HTML via the User-Agent header.
Moxi9 Phpfox
1 EDB exploit
1 Github repository
NA
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.3
1 Github repository
NA
CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.5
Phpfox Phpfox 3.7.3
1 EDB exploit
1 Github repository
NA
CVE-2013-5120
SQL injection vulnerability in PHPFox prior to 3.6.0 (build4) allows remote malicious users to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2013-5121
SQL injection vulnerability in PHPFox prior to 3.6.0 (build6) allows remote malicious users to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
NA
CVE-2012-1300
phpFox versions 3.0.1 and below remote command execution exploit that leverages ajax.php.
1 EDB exploit