Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005...
Php-fusion Php-fusion 6.01.15
Php-fusion Php-fusion 7.00.1
1 EDB exploit
NA
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
NA
CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action....
Php-fusion Php-fusion 6.01.14
Php-fusion Php-fusion 6.00.307
2 EDB exploits
NA
CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
Php-fusion Php-fusion -
1 EDB exploit
NA
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party
Php-fusion Php-fusion -
1 EDB exploit
NA
CVE-2005-3740
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and previous versions allow remote malicious users to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
Php Fusion Php Fusion
8.8
CVSSv3
CVE-2019-12099
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload.
Php-fusion Php-fusion
8.1
CVSSv3
CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated malicious users to cause a Distributed Denial of Service via the Polling feature.
Php-fusion Php-fusion
6.5
CVSSv3
CVE-2020-35952
login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x prior to 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumerati...
Php-fusion Php-fusion
5.4
CVSSv3
CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file.
Php-fusion Php-fusion
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
NEXT »