Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
NA
CVE-2008-6850
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Php-fusion Php-fusion 6.01.17
Php-fusion Php-fusion 7.00.3
NA
CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action....
Php-fusion Php-fusion 6.01.14
Php-fusion Php-fusion 6.00.307
2 EDB exploits
6.1
CVSSv3
CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page.
Php-fusion Php-fusion
NA
CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
Php-fusion Php-fusion -
1 EDB exploit
5.4
CVSSv3
CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file.
Php-fusion Php-fusion
8.1
CVSSv3
CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated malicious users to cause a Distributed Denial of Service via the Polling feature.
Php-fusion Php-fusion
8.8
CVSSv3
CVE-2019-12099
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Php-fusion Php-fusion
NA
CVE-2005-3740
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
Php Fusion Php Fusion
NA
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
Php-fusion Php-fusion -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49333
CVE-2024-33901
CVE-2024-36001
CVE-2024-2835
firewall
XPath injection
authentication bypass
CVE-2024-22120
CVE-2024-32002
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »