Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion - vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote malicious users to download or view database backups, which have easily guessable filenames and conta...
Php Fusion Php Fusion 4.0
1 EDB exploit
6.8
CVSSv2
CVE-2020-23754
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows malicious users to execute arbitrary code, via the polls feature.
Php-fusion Phpfusion 9.03.50
6.8
CVSSv2
CVE-2011-0512
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the team_id parameter.
Jikaka Teams Structure Module 3.0
1 EDB exploit
6.8
CVSSv2
CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005...
Php-fusion Php-fusion 6.01.15
Php-fusion Php-fusion 7.00.1
1 EDB exploit
6.8
CVSSv2
CVE-2008-2227
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the ...
Php-fusion Forum Rank System 6
1 EDB exploit
6.5
CVSSv2
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Php-fusion Phpfusion 9.03.110
6.5
CVSSv2
CVE-2021-40189
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
Php-fusion Phpfusion 9.03.110
6.5
CVSSv2
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
Php-fusion Php-fusion 9.03.50
6.5
CVSSv2
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over a...
Php-fusion Php-fusion 9.03.50
6.5
CVSSv2
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion prior to 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files...
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.03
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.01
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
NEXT »