Max CVSS | 7.5 | Min CVSS | 2.6 | Total Count | 2 |
ID | CVSS | Summary | Last (major) update | Published |
CVE-2006-2330 | 6.4 | PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension | 18-10-2018 - 16:39 | 12-05-2006 - 00:02 |
CVE-2006-2331 | 6.4 | Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel. | 18-10-2018 - 16:39 | 12-05-2006 - 00:02 |
CVE-2008-5335 | 6.8 | SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, | 29-09-2017 - 01:32 | 05-12-2008 - 01:30 |
CVE-2008-1918 | 6.0 | SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] paramete | 29-09-2017 - 01:30 | 23-04-2008 - 13:05 |
CVE-2008-6850 | 4.3 | Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 17-08-2017 - 01:29 | 07-07-2009 - 19:00 |
CVE-2006-4673 | 2.6 | Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. | 20-07-2017 - 01:33 | 11-09-2006 - 16:04 |
CVE-2006-0593 | 4.3 | Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. | 20-07-2017 - 01:29 | 08-02-2006 - 01:02 |
CVE-2005-3161 | 7.5 | Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php. | 11-07-2017 - 01:33 | 06-10-2005 - 10:02 |
CVE-2005-3157 | 7.5 | SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159. | 18-10-2016 - 03:33 | 06-10-2005 - 10:02 |
CVE-2005-0692 | 4.3 | Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. | 18-10-2016 - 03:13 | 06-03-2005 - 05:00 |
CVE-2013-1804 | 4.3 | Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permiss | 04-08-2014 - 21:41 | 29-04-2014 - 20:55 |
CVE-2013-1803 | 7.5 | Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary S | 10-05-2014 - 03:52 | 05-05-2014 - 17:06 |
CVE-2013-1807 | 5.0 | PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administr | 01-05-2014 - 15:35 | 30-04-2014 - 23:58 |
CVE-2013-1806 | 6.5 | Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrato | 01-05-2014 - 15:27 | 30-04-2014 - 23:58 |