IDCVSSSummaryLast (major) updatePublished
CVE-2015-8375 3.5
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
25-09-2017 - 17:29 25-09-2017 - 17:29
CVE-2013-7375 7.5
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
30-12-2016 - 21:59 05-05-2014 - 13:06
CVE-2014-8596 7.5
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/adm
17-11-2014 - 17:42 17-11-2014 - 11:59
CVE-2013-1804 4.3
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permiss
04-08-2014 - 17:41 29-04-2014 - 16:55
CVE-2013-1803 7.5
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary S
09-05-2014 - 23:52 05-05-2014 - 13:06
CVE-2013-1807 5.0
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administr
01-05-2014 - 11:35 30-04-2014 - 19:58
CVE-2013-1806 6.5
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrato
01-05-2014 - 11:27 30-04-2014 - 19:58
CVE-2012-6043 4.3
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
27-11-2012 - 00:00 26-11-2012 - 17:55
CVE-2010-4931 10.0
** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable th
14-05-2012 - 00:00 09-10-2011 - 06:55
CVE-2010-4791 7.5
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter
21-09-2011 - 23:27 26-04-2011 - 20:55
CVE-2008-1918 6.0
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] paramete
05-08-2011 - 00:00 23-04-2008 - 09:05
CVE-2008-5335 6.8
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157,
07-03-2011 - 22:14 04-12-2008 - 20:30
CVE-2007-5187 7.5
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
07-03-2011 - 22:00 03-10-2007 - 10:17
CVE-2011-0512 6.8
SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter.
24-01-2011 - 00:00 20-01-2011 - 14:00
CVE-2009-4889 7.5
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter.
11-06-2010 - 00:00 11-06-2010 - 10:30
CVE-2009-3119 7.5
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter.
10-09-2009 - 00:00 09-09-2009 - 18:30
CVE-2008-5197 7.5
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
19-08-2009 - 01:21 21-11-2008 - 12:30
CVE-2008-5196 7.5
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
19-08-2009 - 01:21 21-11-2008 - 12:30
CVE-2008-5733 7.5
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
10-07-2009 - 01:28 26-12-2008 - 12:30
CVE-2008-6850 4.3
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
07-07-2009 - 00:00 07-07-2009 - 15:00
CVE-2008-5946 7.5
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
18-03-2009 - 01:47 22-01-2009 - 06:30
CVE-2009-0832 7.5
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.
06-03-2009 - 00:00 05-03-2009 - 15:30
CVE-2009-0831 6.0
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.
06-03-2009 - 00:00 05-03-2009 - 15:30
CVE-2008-5074 7.5
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
29-01-2009 - 01:58 14-11-2008 - 13:07
CVE-2007-3559 3.5
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to t
15-11-2008 - 01:53 04-07-2007 - 12:30
Back to Top Mark selected
Back to Top