Php Fusion CVEs and Security Vulnerabilities - OpenCVE

Filtered by vendor Php Fusion Subscriptions

Filtered by product Php Fusion Subscriptions

Search

Switch to Advanced Search (Beta)

Total 28 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2005-2074	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
CVE-2005-0829	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
CVE-2005-0692	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
CVE-2005-0345	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
CVE-2004-2438	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
CVE-2004-2437	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
CVE-2004-1724	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
CVE-2004-1723	1 Php Fusion	1 Php Fusion	2024-11-20	N/A
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.

« first previous Page 2 of 2.