Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion vulnerabilities and exploits
(subscribe to this query)
4.3
CVSSv2
CVE-2020-35687
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.
Php-fusion Phpfusion 9.03.90
6.5
CVSSv2
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Php-fusion Phpfusion 9.03.110
7.5
CVSSv2
CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the linkid parameter.
Php-fusion Freshlinks Module 1.0
1 EDB exploit
6
CVSSv2
CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
Php-fusion Members Cv Module 1.0
1 EDB exploit
4.3
CVSSv2
CVE-2014-8597
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
Php-fusion Phpfusion 7.02.07
4.3
CVSSv2
CVE-2021-40541
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.
Php-fusion Phpfusion 9.03.110
7.5
CVSSv2
CVE-2008-4527
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
Php-fusion Recepies Module 1.1
1 EDB exploit
7.5
CVSSv2
CVE-2007-1978
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
Php Fusion Arcade Module 1.00
1 EDB exploit
7.5
CVSSv2
CVE-2007-1845
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the m_month parameter.
Php Fusion Expanded Calendar Module 2.0
1 EDB exploit
6.8
CVSSv2
CVE-2008-2227
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the ...
Php-fusion Forum Rank System 6
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-22120
CVE-2024-35921
CVE-2024-35874
brute force
CVE-2024-36080
unprivileged
CVE-2024-35917
IDOR
CVE-2024-4947
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »