Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phpfox phpfox vulnerabilities and exploits
(subscribe to this query)
755
VMScore
CVE-2013-5121
SQL injection vulnerability in PHPFox prior to 3.6.0 (build6) allows remote malicious users to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
755
VMScore
CVE-2013-5120
SQL injection vulnerability in PHPFox prior to 3.6.0 (build4) allows remote malicious users to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
Phpfox Phpfox 3.6.0
1 EDB exploit
605
VMScore
CVE-2009-0969
Cross-site request forgery (CSRF) vulnerability in account/settings/account/index.php in phpFoX 1.6.21 allows remote malicious users to hijack the authentication of administrators for requests that change the email address via the act[update] action.
Phpfox Phpfox 1.6.2.1
555
VMScore
CVE-2013-7196
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[item_id] parameter for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.5
Phpfox Phpfox 3.7.3
1 EDB exploit
1 Github repository
490
VMScore
CVE-2013-7195
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
Phpfox Phpfox 3.7.4
Phpfox Phpfox 3.7.3
1 Github repository
435
VMScore
CVE-2014-8469
Cross-site scripting (XSS) vulnerability in Guests/Boots in AdminCP in Moxi9 PHPFox prior to 4 Beta allows remote malicious users to inject arbitrary web script or HTML via the User-Agent header.
Moxi9 Phpfox
1 EDB exploit
1 Github repository
356
VMScore
CVE-2006-2631
phpFoX allows remote authenticated users to modify arbitrary accounts via a modified NATIO cookie value, possibly the phpfox_user parameter.
Phpfox Phpfox
NA
CVE-2022-34560
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the History parameter.
NA
CVE-2022-34561
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the video description parameter.
NA
CVE-2022-34562
A cross-site scripting (XSS) vulnerability in PHPFox v4.8.9 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the status box.
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversal
CVE-2024-33545
CVE-2024-35725
CVE-2024-32704
overflow
file upload
CVE-2024-0230
CVE-2024-32705
CVE-2024-23692
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »