- EPSS 41.74%
- Published 14.05.2019 21:29:01
- Last modified 21.11.2024 04:22:11
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during...
CVE-2015-8375
- EPSS 0.25%
- Published 25.09.2017 21:29:00
- Last modified 20.04.2025 01:37:25
Cross-site scripting (XSS) vulnerability in PHP-Fusion 9.
CVE-2014-8596
- EPSS 4.08%
- Published 17.11.2014 16:59:06
- Last modified 12.04.2025 10:46:40
Multiple SQL injection vulnerabilities in PHP-Fusion 7.02.07 allow remote authenticated users to execute arbitrary SQL commands via the (1) submit_id parameter in a 2 action to files/administration/submissions.php or (2) status parameter to files/adm...
CVE-2013-7375
- EPSS 7.21%
- Published 05.05.2014 17:06:05
- Last modified 12.04.2025 10:46:40
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie, a different vulnerability than CVE-2013-1803.
CVE-2013-1803
- EPSS 5.54%
- Published 05.05.2014 17:06:04
- Last modified 12.04.2025 10:46:40
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated users with certain permissions to execute arbitrary S...
CVE-2013-1806
- EPSS 19.43%
- Published 30.04.2014 23:58:26
- Last modified 12.04.2025 10:46:40
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrato...
- EPSS 19.1%
- Published 30.04.2014 23:58:26
- Last modified 12.04.2025 10:46:40
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information via a direct request to the backup file in administr...
CVE-2013-1804
- EPSS 10.01%
- Published 29.04.2014 20:55:08
- Last modified 12.04.2025 10:46:40
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permiss...
CVE-2012-6043
- EPSS 0.4%
- Published 26.11.2012 22:55:01
- Last modified 11.04.2025 00:51:21
Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
- EPSS 5.15%
- Published 09.10.2011 10:55:21
- Last modified 11.04.2025 00:51:21
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party