Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
fuzion vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2008-5748
Directory traversal vulnerability in plugins/spaw2/dialogs/dialog.php in BloofoxCMS 0.3.4 allows remote malicious users to read arbitrary files via the (1) lang, (2) theme, and (3) module parameters.
Bloofox Bloofoxcms 0.3.4
1 EDB exploit
NA
CVE-2009-3167
Directory traversal vulnerability in index.php in Anantasoft Gazelle CMS 1.0, when magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the template parameter.
Anantasoft Gazelle Cms 1.0
2 EDB exploits
NA
CVE-2008-6851
SQL injection vulnerability in page.php in PHP Link Directory (phpLD) 3.3, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the name parameter.
Php Link Directory Php Link Directory 3.3
1 EDB exploit
NA
CVE-2009-0645
Directory traversal vulnerability in index.php in Jaws 0.8.8 allows remote authenticated users to read arbitrary files via a .. (dot dot) in the (1) language, (2) Introduction_complete, and (3) use_log parameters, different vectors than CVE-2004-2445.
Jaws Jaws 0.8.8
1 EDB exploit
NA
CVE-2009-0295
SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Itlpoll Itpoll 2.7
1 EDB exploit
NA
CVE-2009-0286
Directory traversal vulnerability in upgrade/index.php in OpenGoo 1.1, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to read arbitrary files via a .. (dot dot) in the form_data[script_class] parameter.
Opengoo Opengoo 1.1
1 EDB exploit
NA
CVE-2008-5890
SQL injection vulnerability in feeds.php in Injader prior to 2.1.2 allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Injader Injader 2.0.3
Injader Injader 2.0.2
Injader Injader 1.6.1
Injader Injader
Injader Injader 2.1.0
1 EDB exploit
NA
CVE-2008-5859
SQL injection vulnerability in index.php in Constructr CMS 3.02.5 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the show_page parameter.
Constructr Constructr-cms 3.01.2
Constructr Constructr-cms 3.01.3
Constructr Constructr-cms 3.02.4
Constructr Constructr-cms 3.02.3
Constructr Constructr-cms 3.01.6
Constructr Constructr-cms 3.01.4
Constructr Constructr-cms 3.01.0
Constructr Constructr-cms 3.01.1
Constructr Constructr-cms 3.02.2
Constructr Constructr-cms 3.01.9
Constructr Constructr-cms 3.00.2
Constructr Constructr-cms 3.00.0
Constructr Constructr-cms 3.02.1
Constructr Constructr-cms 3.01.8
Constructr Constructr-cms 3.01.5
Constructr Constructr-cms 3.00.1
Constructr Constructr-cms 3.01.7
Constructr Constructr-cms 3.02.0
Constructr Constructr-cms
1 EDB exploit
NA
CVE-2008-5856
Directory traversal vulnerability in scripts/export.php in ClaSS prior to 0.8.61 allows remote malicious users to read arbitrary files via directory traversal sequences in the ftype parameter.
Class Class
Class Class 0.8.59
Class Class 0.8.20
Class Class 0.8.14
Class Class 0.6.1
Class Class 0.6.0
Class Class 0.4
Class Class 0.8.32
Class Class 0.8.29
Class Class 0.8.26
Class Class 0.8
Class Class 0.8.0
Class Class 0.4.1
Class Class 0.4.0
Class Class 0.8.47
Class Class 0.8.40
Class Class 0.8.5
Class Class 0.5.0
Class Class 0.4.2
Class Class 0.8.56
Class Class 0.8.51
Class Class 0.8.10
1 EDB exploit
NA
CVE-2008-5860
Directory traversal vulnerability in backend/template.php in Constructr CMS 3.02.5 and previous versions, when register_globals is enabled and magic_quotes_gpc is disabled, allows remote malicious users to create or read arbitrary files via directory traversal sequences in the ed...
Constructr Constructr-cms 3.00.1
Constructr Constructr-cms 3.00.2
Constructr Constructr-cms 3.02.0
Constructr Constructr-cms 3.02.1
Constructr Constructr-cms 3.00.0
Constructr Constructr-cms 3.01.2
Constructr Constructr-cms 3.01.8
Constructr Constructr-cms 3.02.4
Constructr Constructr-cms 3.01.4
Constructr Constructr-cms 3.01.5
Constructr Constructr-cms 3.01.1
Constructr Constructr-cms 3.01.7
Constructr Constructr-cms 3.01.9
Constructr Constructr-cms
Constructr Constructr-cms 3.01.6
Constructr Constructr-cms 3.01.3
Constructr Constructr-cms 3.01.0
Constructr Constructr-cms 3.02.3
Constructr Constructr-cms 3.02.2
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-29895
inject
CVE-2023-52689
CVE-2024-5049
CVE-2024-5051
privilege escalation
physical
CVE-2023-52676
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »