Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion vulnerabilities and exploits
(subscribe to this query)
312
VMScore
CVE-2020-23184
A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload entered into the "Registration" field.
Php-fusion Php-fusion 9.03.60
312
VMScore
CVE-2020-23185
A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authenticated malicious users to execute arbitrary web scripts or HTML via a crafted payload.
Php-fusion Php-fusion 9.03.60
755
VMScore
CVE-2008-5733
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the id parameter.
Php-fusion Team Impact Ti Blog System Module -
1 EDB exploit
NA
CVE-2022-3152
Unverified Password Change in GitHub repository phpfusion/phpfusion before 9.10.20.
Php-fusion Phpfusion
755
VMScore
CVE-2008-5196
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and previous versions module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Php-fusion The Kroax Module
1 EDB exploit
NA
CVE-2023-2453
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be ...
Php-fusion Phpfusion
1 Github repository
NA
CVE-2023-4480
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Ad...
Php-fusion Phpfusion
383
VMScore
CVE-2014-8597
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
Php-fusion Phpfusion 7.02.07
755
VMScore
CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the linkid parameter.
Php-fusion Freshlinks Module 1.0
1 EDB exploit
605
VMScore
CVE-2020-23754
Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows malicious users to execute arbitrary code, via the polls feature.
Php-fusion Phpfusion 9.03.50
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-49223
CVE-2024-0044
information disclosure
CVE-2024-35753
HTML injection
CVE-2024-21306
CVE-2024-35733
SQL injection
CVE-2024-35732
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
2
3
4
5
6
7
8
9
10
NEXT »