Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php fusion php fusion vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Php-fusion Phpfusion 9.03.110
6.1
CVSSv3
CVE-2021-40541
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.
Php-fusion Phpfusion 9.03.110
NA
CVE-2007-1978
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
Php Fusion Arcade Module 1.00
1 EDB exploit
NA
CVE-2008-5074
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the linkid parameter.
Php-fusion Freshlinks Module 1.0
1 EDB exploit
NA
CVE-2008-4527
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.
Php-fusion Recepies Module 1.1
1 EDB exploit
NA
CVE-2008-5196
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and previous versions module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the category parameter.
Php-fusion The Kroax Module
1 EDB exploit
NA
CVE-2007-1845
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the m_month parameter.
Php Fusion Expanded Calendar Module 2.0
1 EDB exploit
NA
CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
Php-fusion Members Cv Module 1.0
1 EDB exploit
NA
CVE-2008-2227
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote malicious users to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the ...
Php-fusion Forum Rank System 6
1 EDB exploit
NA
CVE-2007-5187
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the sel parameter.
Php-fusion Expanded Calendar Module 2.01
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-37316
firmware
CVE-2024-30078
CVE-2024-5995
remote code execution
logic flaw
CVE-2024-20693
CVE-2024-37315
CVE-2024-5464
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
3
4
5
6
7
8
9
10
NEXT »