Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion php fusion vulnerabilities and exploits
(subscribe to this query)
8.1
CVSSv3
CVE-2021-3172
An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated malicious users to cause a Distributed Denial of Service via the Polling feature.
Php-fusion Php-fusion
5.4
CVSSv3
CVE-2020-12706
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
Php-fusion Php-fusion 9.03.50
NA
CVE-2005-0829
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote malicious users to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
Php Fusion Php Fusion 5.01
1 EDB exploit
NA
CVE-2004-2437
SQL injection vulnerability in PHP-Fusion 4.01 allows remote malicious users to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
Php Fusion Php Fusion 4.01
NA
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote malicious users to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
Php Fusion Php Fusion 5.0
5.4
CVSSv3
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
Php-fusion Php-fusion 9.03.60
NA
CVE-2005-3157
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote malicious users to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.
Php Fusion Php Fusion 6.00.109
1 EDB exploit
8.8
CVSSv3
CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-12718
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
Php-fusion Php-fusion 9.03.50
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-33228
CVE-2024-20361
log injection
bypass
CVE-2024-4985
CVE-2024-35223
CVE-2024-29849
CVE-2024-31893
IMAP
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »