Skip to main content

Glfusion

5 CVEs product

Monthly

CVE-2021-44942 MEDIUM POC This Month

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Glfusion
NVD GitHub
CVSS 3.1
4.3
EPSS
0.3%
CVE-2021-44949 CRITICAL POC Act Now

glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
9.8
EPSS
1.1%
CVE-2021-44937 MEDIUM POC This Month

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
CVSS 3.1
5.3
EPSS
0.7%
CVE-2021-44935 CRITICAL POC Act Now

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Glfusion
NVD GitHub
CVSS 3.1
9.1
EPSS
0.5%
CVE-2013-1466 MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Glfusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
8.7%
EPSS 0% CVSS 4.3
MEDIUM POC This Month

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF PHP Glfusion
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
EPSS 1% CVSS 5.3
MEDIUM POC This Month

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Authentication Bypass Glfusion
NVD GitHub
EPSS 1% CVSS 9.1
CRITICAL POC Act Now

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

PHP Information Disclosure Glfusion
NVD GitHub
EPSS 9% CVSS 4.3
MEDIUM POC PATCH This Month

Multiple cross-site scripting (XSS) vulnerabilities in glFusion before 1.2.2.pl4 allow remote attackers to inject arbitrary web script or HTML via the (1) subject parameter to profiles.php; (2). Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available.

PHP XSS Glfusion
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy