Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2020-23702
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Php-fusion Php-fusion 9.03.60
NA
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
NA
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote malicious users to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
Php Fusion Php Fusion 5.0
NA
CVE-2005-0829
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote malicious users to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
Php Fusion Php Fusion 5.01
1 EDB exploit
NA
CVE-2005-4005
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote malicious users to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
Php Fusion Php Fusion 6.00.109
1 EDB exploit
5.4
CVSSv3
CVE-2020-12706
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
Php-fusion Php-fusion 9.03.50
6.1
CVSSv3
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23179
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
Php-fusion Php-fusion 9.03.60
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32976
CVE-2024-33557
CVE-2024-36801
CVE-2024-35654
authentication bypass
CVE-2024-24919
CSRF
code execution
CVE-2024-27348
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »