19 matches found

NVD
added 2021/11/02 6:15 p.m. | 18 views

CVE-2020-23754

Cross Site Scripting (XSS) vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...

CVSS: 9.6 | EPSS: 0.0155
Exploits: 0 | References: 3

NVD
added 2021/07/02 6:15 p.m. | 19 views

CVE-2020-23178

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...

CVSS: 5.5 | EPSS: 0.00524
Exploits: 1 | References: 1

Prion
added 2020/09/03 2:15 p.m. | 19 views

Privilege escalation

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE)...

CVSS: 9 | AI score: 8.8 | EPSS: 0.67289
Exploits: 4 | References: 2 | Affected Software: 1

NVD
added 2020/06/22 12:15 a.m. | 17 views

CVE-2020-14960

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...

CVSS: 7.2 | EPSS: 0.01748
Exploits: 1 | References: 3

Prion
added 2020/06/22 12:15 a.m. | 14 views

SQL injection

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01748
Exploits: 1 | References: 3 | Affected Software: 1

Cvelist
added 2020/06/21 11:4 p.m. | 21 views

CVE-2020-14960

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...

AI score: 7.8 | EPSS: 0.01748
Exploits: 1 | References: 3

Packet Storm
added 2020/05/20 12:0 a.m. | 348 views

PHP-Fusion 9.03.50 Cross Site Scripting

Exploit Title: PHPFusion 9.03.50 - Persistent Cross-Site Scripting Date: 2020-05-20 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.50 How? When creating a thread or editing one of h...

Exploits: 0

0day.today
added 2020/05/19 12:0 a.m. | 51 views

php-fusion 9.03.50 - (ctype) SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version:...

Exploits: 0

Prion
added 2020/05/07 8:15 p.m. | 18 views

Cross site scripting

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php...

CVSS: 3.5 | AI score: 5.6 | EPSS: 0.02897
Exploits: 2 | References: 3 | Affected Software: 1

Prion
added 2020/05/07 8:15 p.m. | 19 views

Cross site scripting

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.01628
Exploits: 2 | References: 1 | Affected Software: 1

Cvelist
added 2020/05/07 7:9 p.m. | 22 views

CVE-2020-12706

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php...

AI score: 6 | EPSS: 0.02897
Exploits: 2 | References: 3

CVE
added 2020/05/07 7:9 p.m. | 93 views

CVE-2020-12706

The CVE-2020-12706 issue affects PHP-Fusion 9.03.50, where multiple stored Cross-site Scripting vulnerabilities exist in the FAQ admin and shoutbox admin paths (faq/faq_admin.php and shoutbox_panel/shoutbox_admin.php) via the go parameter. Attackers can inject arbitrary scripts to the affected pa...

CVSS: 5.4 | AI score: 5.9 | EPSS: 0.02897
Exploits: 2 | References: 3 | Affected Software: 1

Exploit DB
added 2020/05/01 12:0 a.m. | 640 views

php-fusion 9.03.50 - Persistent Cross-Site Scripting

Exploit Title: php-fusion 9.03.50 - Persistent Cross-Site Scripting Google Dork: "php-fusion" Date: 2020-04-30 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30...

CVSS: 5.4 | AI score: 6.1 | EPSS: 0.02897
Exploits: 2

Prion
added 2020/04/29 5:15 p.m. | 16 views

SQL injection

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sortorder GET parameter on the members.php members search page. This parameter allows for control over anything after the...

CVSS: 6.5 | AI score: 8.9 | EPSS: 0.01699
Exploits: 1 | References: 5 | Affected Software: 1

OSV
added 2020/04/28 9:15 p.m. | 2 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

CVSS: 5.4 | AI score: 6.1
Exploits: 0 | References: 2

Prion
added 2020/04/28 9:15 p.m. | 20 views

Cross site scripting

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

CVSS: 3.5 | AI score: 5.2 | EPSS: 0.00582
Exploits: 1 | References: 2 | Affected Software: 1

Cvelist
added 2020/04/28 8:51 p.m. | 19 views

CVE-2020-12438

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...

AI score: 6 | EPSS: 0.00582
Exploits: 1 | References: 2

Packet Storm
added 2020/04/27 12:0 a.m. | 131 views

PHP-Fusion 9.03.50 Arbitrary File Upload

Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...

Exploits: 0

0day.today
added 2020/04/27 12:0 a.m. | 28 views

PHP-Fusion 9.03.50 - (Edit Profile) Arbitrary File Upload Vulnerability

Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link:...

AI score: 0.1
Exploits: 0