Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion vulnerabilities and exploits
(subscribe to this query)
3.5
CVSSv2
CVE-2020-23702
Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.php.
Php-fusion Php-fusion 9.03.60
4.3
CVSSv2
CVE-2012-6043
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote malicious users to inject arbitrary web script or HTML via the cat_id parameter.
Php-fusion Php-fusion 7.02.04
1 EDB exploit
7.5
CVSSv2
CVE-2004-2437
SQL injection vulnerability in PHP-Fusion 4.01 allows remote malicious users to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
Php Fusion Php Fusion 4.01
4.3
CVSSv2
CVE-2004-2438
Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote malicious users to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
Php Fusion Php Fusion 4.01
5
CVSSv2
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
4.9
CVSSv2
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows malicious users to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23658
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
Php-fusion Php-fusion 9.03.60
6.5
CVSSv2
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
Php-fusion Php-fusion 9.03.50
4.3
CVSSv2
CVE-2005-2074
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote malicious users to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
Php Fusion Php Fusion 6.0.105
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48700
CVE-2022-48689
CVE-2024-27956
CVE-2023-6363
SQL
NULL pointer dereference
CVE-2023-41830
CVE-2015-2051
arbitrary
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »