Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php-fusion phpfusion vulnerabilities and exploits
(subscribe to this query)
8.8
CVSSv3
CVE-2023-2453
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be ...
Php-fusion Phpfusion
1 Github repository
5.5
CVSSv3
CVE-2023-4480
Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker can send a crafted request that allows them to read the contents of files on the system accessible within the privileges of the running process. Ad...
Php-fusion Phpfusion
8.8
CVSSv3
CVE-2022-3152
Unverified Password Change in GitHub repository phpfusion/phpfusion before 9.10.20.
Php-fusion Phpfusion
6.1
CVSSv3
CVE-2014-8597
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote malicious users to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.