| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2013-7375 | 7.5 |
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
|
31-12-2016 - 02:59 | 05-05-2014 - 17:06 | |
| CVE-2013-1804 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permiss
|
04-08-2014 - 21:41 | 29-04-2014 - 20:55 | |
| CVE-2013-1803 | 7.5 |
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary S
|
10-05-2014 - 03:52 | 05-05-2014 - 17:06 | |
| CVE-2013-1807 | 5.0 |
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administr
|
01-05-2014 - 15:35 | 30-04-2014 - 23:58 | |
| CVE-2013-1806 | 6.5 |
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrato
|
01-05-2014 - 15:27 | 30-04-2014 - 23:58 |