Lucene search
K

8 matches found

OSV
OSV
added 2026/02/05 5:16 p.m.7 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS6.6AI score0.00541EPSS
Exploits1References3
NVD
NVD
added 2026/02/05 5:16 p.m.10 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

9.8CVSS0.00541EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/02/05 4:13 p.m.3 views

CVE-2020-37137

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
Cvelist
Cvelist
added 2026/02/05 4:13 p.m.40 views

CVE-2020-37137 PHP-Fusion 9.03.50 - 'panels.php' Eval Injection

PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'addpanelform' function that allows attackers to execute arbitrary code through an eval function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panelcontent POST parameters to the...

8.6CVSS0.00541EPSS
Exploits1References3
CVE
CVE
added 2026/02/05 4:13 p.m.15 views

CVE-2020-37137

CVE-2020-37137 affects PHP-Fusion 9.03.50. The remote code execution vulnerability resides in the add_panel_form() path where eval() processes unsanitized POST data (panel_content) sent to panels.php, enabling arbitrary code execution. Exploitation details and PoCs are referenced in the connected...

9.8CVSS6.7AI score0.00541EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.10 views

PT-2026-6580

Name of the Vulnerable Software and Affected Versions PHP-Fusion version 9.03.50 Description The software contains a remote code execution issue in the add panel form function. This allows attackers to execute arbitrary code through the use of an eval function with unsanitized data received via...

8.6CVSS6.7AI score0.00541EPSS
Exploits1References5
wpexploit
wpexploit
added 2024/01/23 12:0 a.m.145 views

WP-Reply Notify <= 1.1 - Settings Update via CSRF

Description The plugin does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. Make an admin open an HTML page containing the following: document.forms0.submit;...

9.4AI score0.00176EPSS
Exploits2References1
0day.today
0day.today
added 2013/03/01 12:0 a.m.20 views

Doorgets CSRF Vulnerability

With this vulnerability you can change the configuration of the site. Title Slogan Description Copyright Year of creation Keywords ID Facebook Disqus doorgets-home doorgets-light 0day.today 2018-04-03...

7AI score
Exploits0
Rows per page
Query Builder