Vulmon
php-fusion php-fusion vulnerabilities and exploits
5
CVSSv2
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
4.3
CVSSv2
CVE-2008-6850
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Php-fusion Php-fusion 6.01.17
Php-fusion Php-fusion 7.00.3
3.5
CVSSv2
CVE-2007-3559
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
Php-fusion Php-fusion 6.01.10
Php-fusion Php-fusion 6.01.9
7.5
CVSSv2
CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
Php-fusion Php-fusion -
1 EDB exploit
7.5
CVSSv2
CVE-2005-3740
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
Php Fusion Php Fusion
9
CVSSv2
CVE-2019-12099
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Php-fusion Php-fusion
10
CVSSv2
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party.
Php-fusion Php-fusion -
1 EDB exploit
4
CVSSv2
CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x prior to 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumerati...
Php-fusion Php-fusion
3.5
CVSSv2
CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file.
Php-fusion Php-fusion
4.3
CVSSv2
CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page.
Php-fusion Php-fusion