Filtered by vendor Php-fusion
Subscribe
Total
59 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2010-4931 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 10.0 HIGH | N/A |
** DISPUTED ** Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party. | |||||
CVE-2010-4791 | 2 Marcusg, Php-fusion | 2 Mg User Fotoalbum Panel, Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in infusions/mg_user_fotoalbum_panel/mg_user_fotoalbum.php in the MG User-Fotoalbum (mg_user_fotoalbum_panel) module 1.0.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the album_id parameter. | |||||
CVE-2009-4889 | 2 Basti2web, Php-fusion | 2 Book Panel, Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. | |||||
CVE-2009-3119 | 2 Php-fusion, X-iweb.ru | 2 Php-fusion, Download System Msf | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | |||||
CVE-2009-0832 | 2 Ausimods, Php-fusion | 2 E-cart, Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. | |||||
CVE-2009-0831 | 1 Php-fusion | 2 Members Cv Module, Php-fusion | 2024-11-21 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | |||||
CVE-2008-6850 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 4.3 MEDIUM | N/A |
Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2008-5946 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | |||||
CVE-2008-5733 | 1 Php-fusion | 2 Php-fusion, Team Impact Ti Blog System Module | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | |||||
CVE-2008-5335 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.8 MEDIUM | N/A |
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. | |||||
CVE-2008-5197 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | |||||
CVE-2008-5196 | 1 Php-fusion | 2 Php-fusion, The Kroax Module | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | |||||
CVE-2008-5074 | 1 Php-fusion | 2 Freshlinks Module, Php-fusion | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | |||||
CVE-2008-4527 | 1 Php-fusion | 1 Recepies Module | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. | |||||
CVE-2008-4521 | 1 Php-fusion | 1 World Of Warcraft Tracker Infusion Module | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. | |||||
CVE-2008-2227 | 1 Php-fusion | 1 Forum Rank System | 2024-11-21 | 6.8 MEDIUM | N/A |
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. | |||||
CVE-2008-1918 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 6.0 MEDIUM | N/A |
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. | |||||
CVE-2007-5187 | 1 Php-fusion | 1 Expanded Calendar Module | 2024-11-21 | 7.5 HIGH | N/A |
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | |||||
CVE-2007-3559 | 1 Php-fusion | 1 Php-fusion | 2024-11-21 | 3.5 LOW | N/A |
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. |