Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page.
Php-fusion Php-fusion
5
CVSSv2
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
5
CVSSv2
CVE-2004-1723
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote malicious users to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Php Fusion Php Fusion 4.00
7.5
CVSSv2
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote malicious users to download or view database backups, which have easily guessable filenames and conta...
Php Fusion Php Fusion 4.0
1 EDB exploit
7.5
CVSSv2
CVE-2005-4005
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote malicious users to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
Php Fusion Php Fusion 6.00.109
1 EDB exploit
3.5
CVSSv2
CVE-2015-8375
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
Php-fusion Php-fusion 9.00
3.5
CVSSv2
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.
Php-fusion Php-fusion 9.03.60
9
CVSSv2
CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
Php-fusion Php-fusion 9.03.50
4.3
CVSSv2
CVE-2012-6043
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote malicious users to inject arbitrary web script or HTML via the cat_id parameter.
Php-fusion Php-fusion 7.02.04
1 EDB exploit
7.5
CVSSv2
CVE-2008-5946
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote malicious users to execute arbitrary SQL commands via the news_id parameter.
Php-fusion Php-fusion 4.01
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »