Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion - vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2013-1804
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote malicious users to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitra...
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
1 EDB exploit
NA
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files...
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
1 EDB exploit
NA
CVE-2013-1807
PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
1 EDB exploit
NA
CVE-2005-2401
PHP-Fusion allows remote malicious users to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
Php Fusion Php Fusion 4.01
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 4.00
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 5.01 Service Pack
NA
CVE-2013-7375
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 up to and including 7.02.05 allows remote malicious users to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.05
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
1 EDB exploit
NA
CVE-2005-4517
SQL injection vulnerability in PHP-Fusion 6.00.200 up to and including 6.00.300 allows remote malicious users to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.
Php Fusion Php Fusion 6.00.207
Php Fusion Php Fusion 6.00.200
Php Fusion Php Fusion 6.00.206
Php Fusion Php Fusion 6.00.300
1 EDB exploit
NA
CVE-2007-3559
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
Php-fusion Php-fusion 6.01.9
Php-fusion Php-fusion 6.01.10
NA
CVE-2005-3158
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote malicious users to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.107
NA
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
NA
CVE-2008-6850
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Php-fusion Php-fusion 6.01.17
Php-fusion Php-fusion 7.00.3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-5834
CVE-2024-30100
CVE-2024-4577
physical
dos
CVE-2024-30099
CVE-2024-27801
CVE-2024-32146
logic flaw
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
NEXT »