Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion php-fusion - vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote malicious users to obtain sensitive information via a direct request to the filename in the administration/db_backups dire...
Php Fusion Php Fusion 5.0
Php Fusion Php Fusion 6.0
1 EDB exploit
5
CVSSv2
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
5
CVSSv2
CVE-2004-1723
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote malicious users to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Php Fusion Php Fusion 4.00
4.9
CVSSv2
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows malicious users to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Php-fusion Php-fusion 9.03.60
4.3
CVSSv2
CVE-2014-8597
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
Php-fusion Phpfusion 7.02.07
4.3
CVSSv2
CVE-2021-40541
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.
Php-fusion Phpfusion 9.03.110
4.3
CVSSv2
CVE-2021-28280
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote malicious users to inject arbitrary web script or HTML
Php-fusion Phpfusion 9.03.110
4.3
CVSSv2
CVE-2020-35687
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
Php-fusion Phpfusion 9.03.90
4.3
CVSSv2
CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page.
Php-fusion Php-fusion
4.3
CVSSv2
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Php-fusion Php-fusion 9.03.50
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23316
SQL injection
type confusion
CVE-2024-20697
CVE-2024-4344
local
CVE-2024-30043
CVE-2024-3821
CVE-2024-5041
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »