Skip to main content

Php Fusion

20 CVEs product

Monthly

CVE-2020-24949 HIGH POC THREAT This Week

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
8.8
EPSS
67.3%
CVE-2020-23658 MEDIUM POC This Month

PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-17450 MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS on the preview page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-17449 MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS via the error_log file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-15041 MEDIUM POC This Month

PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-14960 HIGH POC PATCH This Week

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
1.7%
CVE-2020-12718 MEDIUM POC This Month

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.7%
CVE-2020-12708 MEDIUM POC This Month

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
6.1
EPSS
0.9%
CVE-2020-12706 MEDIUM POC PATCH This Month

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub Exploit-DB
CVSS 3.1
5.4
EPSS
2.9%
CVE-2020-12461 HIGH POC PATCH This Week

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub
CVSS 3.1
8.8
EPSS
1.7%
CVE-2020-12438 MEDIUM POC PATCH This Month

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub
CVSS 3.1
5.4
EPSS
0.6%
CVE-2019-12099 HIGH POC PATCH THREAT This Week

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE Php Fusion
NVD GitHub Exploit-DB
CVSS 3.0
8.8
EPSS
17.5%
CVE-2015-8375 MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Php Fusion
NVD GitHub
CVSS 3.0
5.4
EPSS
0.2%
CVE-2014-8596 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB
CVSS 2.0
7.5
EPSS
3.2%
CVE-2013-7375 HIGH POC This Week

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
5.0%
CVE-2013-1803 HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
7.5
EPSS
4.8%
CVE-2013-1807 MEDIUM POC PATCH THREAT This Month

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Privilege Escalation Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
5.0
EPSS
18.0%
CVE-2013-1806 MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.

Path Traversal PHP Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
6.5
EPSS
19.6%
CVE-2013-1804 MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD Exploit-DB VulDB
CVSS 2.0
4.3
EPSS
8.7%
CVE-2012-6043 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Fusion
NVD Exploit-DB
CVSS 2.0
4.3
EPSS
0.8%
EPSS 67% CVSS 8.8
HIGH POC THREAT This Week

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE). Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Privilege Escalation PHP Php Fusion
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM POC This Month

PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS on the preview page. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

PHP-Fusion 9.03 allows XSS via the error_log file. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Php Fusion
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
EPSS 2% CVSS 7.2
HIGH POC PATCH This Week

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub Exploit-DB
EPSS 1% CVSS 5.4
MEDIUM POC This Month

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD GitHub
EPSS 3% CVSS 5.4
MEDIUM POC PATCH This Month

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub Exploit-DB
EPSS 2% CVSS 8.8
HIGH POC PATCH This Week

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi PHP Php Fusion
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM POC PATCH This Month

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS PHP Php Fusion
NVD GitHub
EPSS 18% CVSS 8.8
HIGH POC PATCH THREAT This Week

In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

PHP File Upload RCE +1
NVD GitHub Exploit-DB
EPSS 0% CVSS 5.4
MEDIUM POC PATCH This Month

Cross-site scripting (XSS) vulnerability in PHP-Fusion 9. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

XSS Php Fusion
NVD GitHub
EPSS 3% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB
EPSS 5% CVSS 7.5
HIGH POC This Week

SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
EPSS 5% CVSS 7.5
HIGH POC This Week

Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi Php Fusion
NVD Exploit-DB VulDB
EPSS 18% CVSS 5.0
MEDIUM POC PATCH THREAT This Month

PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 18.0%.

Privilege Escalation Php Fusion
NVD Exploit-DB VulDB
EPSS 20% CVSS 6.5
MEDIUM POC PATCH THREAT This Month

Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 19.6%.

Path Traversal PHP Php Fusion
NVD Exploit-DB VulDB
EPSS 9% CVSS 4.3
MEDIUM POC This Month

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP Php Fusion
NVD Exploit-DB VulDB
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

PHP XSS Php Fusion
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy