18 matches found
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the...
EUVD-2020-4770
Malware in sbrugna...
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the...
SQL injection
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the...
CVE-2020-12461
Summary: CVE-2020-12461 affects PHP-Fusion 9.03.50 and allows SQL Injection via the sort_order GET parameter on members.php, due to insufficient protection in maincore.php. Multiple connected sources corroborate the vulnerability and its impact on SQL semantics after ORDER BY, with references ind...
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the...
Directory traversal
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable...
CVE-2013-1806
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to maincore.php; or remote authenticated administrators to delete arbitrary files via the (2) enable...
[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05
[waraxe-2013-SA#097] - Multiple Vulnerabilities in PHP-Fusion 7.02.05 Author: Janek Vind "waraxe" Date: 27. February 2013 Location: Estonia, Tartu Web: http://www.waraxe.us/advisory-97.html Description of vulnerable...
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party...
Directory traversal
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party...
CVE-2010-4931
PHP-Fusion exposes a directory traversal flaw in maincore.php, allowing local file inclusion via a ../ detour in the folder_level parameter. Impact stated as remote code execution on affected environments through arbitrary local files. Affected product: PHP-Fusion (maincore.php). Root cause: dire...
CVE-2010-4931
Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third party...
PHP-Fusion Local File Inclusion Vulnerability
Exploit for php platform in category web applications. PHP-Fusion Local File Inclusion Vulnerability. Author: MoDaMeR Email: [email protected] My Sites : www.v4-team.com & www.hackteach.org Script home:...
PHP-Fusion - Local File Inclusion
PHP-Fusion - Local File Inclusion Exploit Title: PHP-Fusion Local File Includes Vulnerability Date: 2010/08/15 Author: MoDaMeR Email: [email protected] My Sites : www.v4-team.com & www.hackteach.org Script home: http://www.phpfusion-ar.com download Script:...
PHP-Fusion - Local File Inclusion
Exploit Title: PHP-Fusion Local File Includes Vulnerability Date: 2010/08/15 Author: MoDaMeR Email: [email protected] My Sites : www.v4-team.com & www.hackteach.org Script home: http://www.phpfusion-ar.com download Script: http://www.phpfusion-ar.com/downloads.php?catid=1&downloadid=91 Version:all Tested...
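PHP-Fusion Maincore.PHP SQL Injection Vulnerability
PHP-Fusion is a PHP-based content management program. PHP-Fusion does not properly filter user-submitted URI data, and remote attackers can exploit the vulnerability to carry out SQL injection attacks and obtain sensitive information. The problem is that the 'Maincore.PHP' script lacks filtering of user-submitted web parameters; submitting a malicious SQL query as parameter data can alter the original SQL logic and obtain sensitive information. PHP-Fusion PHPFusion 6.1.4 PHP-Fusion PHP-Fusion 6.0.307 PHP-Fusion PHP-Fusion 6.0.204 PHP-Fusion PHP-Fusion 6.0.110 PHP-Fusion PHP-Fusion...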
CVE-2006-4673
The CVE-2006-4673 entry concerns PHP-Fusion 6.01.4 and earlier, where maincore.php applies extract() to superglobals. This enables a global-variable overwriting flaw that can lead to SQL injection via the _SERVER[REMOTE_ADDR] parameter to news.php. The vulnerability arises from unrestricted varia...