Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion vulnerabilities and exploits
(subscribe to this query)
578
VMScore
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Php-fusion Phpfusion 9.03.110
578
VMScore
CVE-2021-40189
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
Php-fusion Phpfusion 9.03.110
755
VMScore
CVE-2008-5196
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and previous versions module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Php-fusion The Kroax Module
1 EDB exploit
755
VMScore
CVE-2007-1978
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
Php Fusion Arcade Module 1.00
1 EDB exploit
755
VMScore
CVE-2008-4527
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
Php-fusion Recepies Module 1.1
1 EDB exploit
755
VMScore
CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the linkid parameter.
Php-fusion Freshlinks Module 1.0
1 EDB exploit
605
VMScore
CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
Php-fusion Members Cv Module 1.0
1 EDB exploit
755
VMScore
CVE-2007-1845
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the m_month parameter.
Php Fusion Expanded Calendar Module 2.0
1 EDB exploit
755
VMScore
CVE-2007-5187
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the sel parameter.
Php-fusion Expanded Calendar Module 2.01
1 EDB exploit
685
VMScore
CVE-2008-2227
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the ...
Php-fusion Forum Rank System 6
1 EDB exploit
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3080
log injection
CVE-2024-6041
CVE-2024-37661
XML external entity
CVE-2024-0845
privilege escalation
CVE-2023-37057
CVE-2024-27801
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »