Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2007-5187
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the sel parameter.
Php-fusion Expanded Calendar Module 2.01
1 EDB exploit
7.5
CVSSv2
CVE-2008-4521
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
Php-fusion World Of Warcraft Tracker Infusion Module 2.0
1 EDB exploit
NA
CVE-2013-1805
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2013-1806. Reason: This issue was MERGED into CVE-2013-1806 in accordance with CVE content decisions, because it is the same type of vulnerability and affects the same versions. Notes: All CVE users should referen...
1 EDB exploit
7.5
CVSSv2
CVE-2009-3119
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the view_id parameter.
X-iweb.ru Download System Msf
1 EDB exploit
NA
CVE-2020-356871
PHP-Fusion version 9.03.90 suffers from a cross site request forgery vulnerability.
7.5
CVSSv2
CVE-2005-3159
SQL injection vulnerability in messages.php in PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.
1 EDB exploit
7.5
CVSSv2
CVE-2007-1980
SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the cid parameter.
Nick Jones Topliste Module 1.0
1 EDB exploit
6.8
CVSSv2
CVE-2011-0512
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the team_id parameter.
Jikaka Teams Structure Module 3.0
1 EDB exploit
7.5
CVSSv2
CVE-2010-4791
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the album_id parameter.
Marcusg Mg User Fotoalbum Panel 1.0.1
1 EDB exploit
7.5
CVSSv2
CVE-2009-0832
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote malicious users to execute arbitrary SQL commands via the CA parameter.
Ausimods E-cart 1.3
1 EDB exploit
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
4
5
6
7
8
9
10
NEXT »