Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

  1. Reconshell
  2. Vulnerabilities (CVE)
Filtered by vendor Php Fusion Subscribe
Total 30 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-0829 1 Php Fusion 1 Php Fusion 2016-10-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
CVE-2005-0692 1 Php Fusion 1 Php Fusion 2016-10-17 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
CVE-2005-4655 1 Php Fusion 1 Php Fusion 2011-03-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>".
CVE-2005-3740 1 Php Fusion 1 Php Fusion 2011-03-07 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.
CVE-2005-4005 1 Php Fusion 1 Php Fusion 2011-03-07 7.5 HIGH N/A
SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php.
CVE-2005-3739 1 Php Fusion 1 Php Fusion 2011-03-07 5.0 MEDIUM N/A
Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors.
CVE-2005-2074 1 Php Fusion 1 Php Fusion 2011-03-07 4.3 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
CVE-2005-2075 1 Php Fusion 1 Php Fusion 2011-03-07 5.0 MEDIUM N/A
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
CVE-2005-3160 1 Php Fusion 1 Php Fusion 2008-09-05 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.
CVE-2005-2401 1 Php Fusion 1 Php Fusion 2008-09-05 5.0 MEDIUM N/A
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.