Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion - vulnerabilities and exploits
(subscribe to this query)
6.4
CVSSv2
CVE-2006-2459
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and previous versions allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.
Php Fusion Php Fusion 6.00.307
Php Fusion Php Fusion 6.00.306
1 EDB exploit
6.4
CVSSv2
CVE-2006-2330
PHP-Fusion 6.00.306 and previous versions, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which...
Php Fusion Php Fusion 6.00.110
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.107
Php Fusion Php Fusion 6.00.109
Php Fusion Php Fusion 6.00.206
Php Fusion Php Fusion 6.00.3
Php Fusion Php Fusion 6.00.303
Php Fusion Php Fusion 6.00.105
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.304
Php Fusion Php Fusion 6.00.306
1 EDB exploit
6.4
CVSSv2
CVE-2006-2331
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote malicious users to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot d...
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.107
Php Fusion Php Fusion 6.00.304
Php Fusion Php Fusion 6.00.306
Php Fusion Php Fusion 6.00.105
Php Fusion Php Fusion 6.00.3
Php Fusion Php Fusion 6.00.303
Php Fusion Php Fusion 6.00.109
Php Fusion Php Fusion 6.00.110
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.206
1 EDB exploit
6
CVSSv2
CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
Php-fusion Members Cv Module 1.0
1 EDB exploit
6
CVSSv2
CVE-2008-1918
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action....
Php-fusion Php-fusion 6.01.14
Php-fusion Php-fusion 6.00.307
2 EDB exploits
5.8
CVSSv2
CVE-2006-3555
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion prior to 6.01.3 allow remote malicious users to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, an...
Php Fusion Php Fusion 6.00.102
Php Fusion Php Fusion 6.00.103
Php Fusion Php Fusion 6.00.110
Php Fusion Php Fusion 6.00.200
Php Fusion Php Fusion 6.00.304
Php Fusion Php Fusion 6.00.306
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 6.00.104
Php Fusion Php Fusion 6.00.105
Php Fusion Php Fusion 6.00.204
Php Fusion Php Fusion 6.00.205
Php Fusion Php Fusion 6.00.307
Php Fusion Php Fusion 6.01.2
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 6.0.107
Php Fusion Php Fusion 6.00.106
Php Fusion Php Fusion 6.00.107
Php Fusion Php Fusion 6.00.206
Php Fusion Php Fusion 6.00.207
Php Fusion Php Fusion 6.00.100
Php Fusion Php Fusion 6.00.101
Php Fusion Php Fusion 6.00.108
5.5
CVSSv2
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
5
CVSSv2
CVE-2013-1807
PHP-Fusion prior to 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote malicious users to obtain sensitive information via a direct request to the backup file in administration/db_backups/.
Php-fusion Php-fusion
Php-fusion Php-fusion 7.02.02
Php-fusion Php-fusion 7.02.01
Php-fusion Php-fusion 7.02.04
Php-fusion Php-fusion 7.02.03
1 EDB exploit
5
CVSSv2
CVE-2005-3739
Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and previous versions allows remote malicious users to obtain the full path via unspecified vectors.
5
CVSSv2
CVE-2005-2401
PHP-Fusion allows remote malicious users to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
Php Fusion Php Fusion 6.0.105
Php Fusion Php Fusion 6.0.106
Php Fusion Php Fusion 4.00
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 4.01
Php Fusion Php Fusion 5.01 Service Pack
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »