Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion php fusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2005-3158
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote malicious users to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159.
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.107
NA
CVE-2006-2459
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
Php Fusion Php Fusion 6.00.307
Php Fusion Php Fusion 6.00.306
1 EDB exploit
NA
CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005...
Php-fusion Php-fusion 6.01.15
Php-fusion Php-fusion 7.00.1
1 EDB exploit
6.5
CVSSv3
CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x prior to 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumerati...
Php-fusion Php-fusion
8.1
CVSSv3
CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated malicious users to cause a Distributed Denial of Service via the Polling feature.
Php-fusion Php-fusion
NA
CVE-2005-3740
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
Php Fusion Php Fusion
5.4
CVSSv3
CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file.
Php-fusion Php-fusion
8.8
CVSSv3
CVE-2019-12099
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Php-fusion Php-fusion
NA
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
Php-fusion Php-fusion -
1 EDB exploit
NA
CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
Php-fusion Php-fusion -
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
camera
bypass
CVE-2024-3592
CVE-2024-37383
CVE-2024-24919
CVE-2024-27822
CVE-2024-36788
CVE-2024-36789
man-in-the-middle
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »