Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion php fusion vulnerabilities and exploits
(subscribe to this query)
6.5
CVSSv2
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
Php-fusion Php-fusion 9.03.50
4.3
CVSSv2
CVE-2005-2074
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote malicious users to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
Php Fusion Php Fusion 6.0.105
5.5
CVSSv2
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an malicious user to perform a session replay attack and impersonate the victim user.
Php-fusion Php-fusion 9.03.50
3.5
CVSSv2
CVE-2020-23179
A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.
Php-fusion Php-fusion 9.03.50
3.5
CVSSv2
CVE-2020-23181
A reflected cross site scripting (XSS) vulnerability in /administration/theme.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Manage Theme" field.
Php-fusion Php-fusion 9.03.60
4.9
CVSSv2
CVE-2020-23182
The component /php-fusion/infusions/shoutbox_panel/shoutbox_archive.php in PHP-Fusion 9.03.60 allows malicious users to redirect victim users to malicious websites via a crafted payload entered into the Shoutbox message panel.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23184
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
Php-fusion Php-fusion 9.03.60
3.5
CVSSv2
CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Php-fusion Php-fusion 9.03.60
4.3
CVSSv2
CVE-2005-0829
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote malicious users to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
Php Fusion Php Fusion 5.01
1 EDB exploit
5
CVSSv2
CVE-2004-1723
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote malicious users to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Php Fusion Php Fusion 4.00
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-0044
remote code execution
CVE-2024-37080
CVE-2024-5182
CVE-2024-4390
CVE-2024-6100
brute force
CVE-2021-47581
file inclusion
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »