32 matches found
CVE-2020-37152
PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panelcontent' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted...
CVE-2020-36996
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script...
EUVD-2020-30963
PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize user-submitted message content. Attackers can inject malicious JavaScript through forum messages that will execute when the print page is generated, allowing script...
PHPFusion cross-site scripting vulnerabilities
PHPFusion is an open-source, lightweight content management system developed by Malaysia-based PHPFusion Company, based on MySQL and PHP. This system includes modules for news, articles, and forums. Version PHPFusion 9.03.50 contains a cross-site scripting vulnerability. This vulnerability arises...
CVE-2020-23754
Cross Site Scripting (XSS) vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50 allows attackers to execute arbitrary code via the polls feature...
Cross site scripting
Cross Site Scripting (XSS) vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50 allows attackers to execute arbitrary code via the polls feature...
PHP-Fusion Cross-Site Scripting Vulnerability
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysia-based company PHP-Fusion. A cross-site scripting vulnerability exists in PHP-Fusion version 9.03.50, which originates in the infusions/memberpollpanel/polladmin.php page and lacks...
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...
PHPFusion 9.03.50 Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
PHPFusion 9.03.50 - Remote Code Execution
Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...
Privilege escalation
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE)...
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...
Sql injection
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...
PHP-Fusion SQL Injection Vulnerability (CNVD-2020-52839)
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, developed by the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A SQL injection vulnerability exists in the administration/comments.php endpoint in PHP-Fusion version 9.03.50. Th...
PHP-Fusion 9.03.50 Cross Site Scripting
Exploit Title: PHPFusion 9.03.50 - Persistent Cross-Site Scripting Date: 2020-05-20 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.50 How? When creating a thread or editing one of h...
php-fusion 9.03.50 - (ctype) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version:...
PHP-Fusion Cross-Site Scripting Vulnerability
PHP-Fusion is an open source lightweight content management system based on MySQL and PHP, developed by the Malaysian company PHP-Fusion. The system contains modules such as news, articles and forums. A cross-site scripting vulnerability exists in PHP-Fusion version 9.03.50. The vulnerability stems from the lack o...
CVE-2020-12718
The CVE-2020-12718 issue affects PHP-Fusion 9.03.50: an authenticated attacker can exploit a stored XSS in the Preview Comment feature (administration/comments.php). The vulnerability allows bypassing the protection mechanism by injecting HTML event handlers such as ontoggle. Connected sources co...
Cross site scripting
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faqadmin.php or shoutboxpanel/shoutboxadmin.php...