Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote malicious users to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
Php-fusion Php-fusion 9.03.50
NA
CVE-2005-4655
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote malicious users to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<s...
Php Fusion Php Fusion 6.00.204
8.8
CVSSv3
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over a...
Php-fusion Php-fusion 9.03.50
5.4
CVSSv3
CVE-2015-8375
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
Php-fusion Php-fusion 9.00
NA
CVE-2014-8596
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/administration/members.php.
Php-fusion Php-fusion 7.02.07
1 EDB exploit
4.8
CVSSv3
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.
Php-fusion Php-fusion 9.03.60
NA
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote malicious users to view protected forums via the thread_id parameter.
Php Fusion Php Fusion 4.0
1 EDB exploit
8.8
CVSSv3
CVE-2020-24949
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).
Php-fusion Php-fusion 9.03.50
NA
CVE-2004-1723
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote malicious users to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
Php Fusion Php Fusion 4.00
NA
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote malicious users to download or view database backups, which have easily guessable filenames and conta...
Php Fusion Php Fusion 4.0
1 EDB exploit
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
remote code execution
CVE-2024-34909
CVE-2024-3317
SSTI
CVE-2024-3400
CVE-2024-30051
wireless
CVE-2024-4622
CVE-2024-4908
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »