19 matches found
CVE-2020-23754
Cross Site Scripting XSS vulnerability in infusions/memberpollpanel/polladmin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature...
CVE-2020-23178
An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user...
Privilege escalation
Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user not admin to send a crafted request to the server and perform remote command execution RCE...
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...
Sql injection
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,...
PHP-Fusion 9.03.50 Cross Site Scripting
Exploit Title: PHPFusion 9.03.50 - Persistent Cross-Site Scripting Date: 2020-05-20 Exploit Author: coiffeur Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version: v9.03.50 How? When creating a thread or editing one of h...
php-fusion 9.03.50 - (ctype) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: php-fusion 9.03.50 - 'ctype' SQL Injection Exploit Author: SunCSR Sun Cyber Security Research - ThienNV Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/phpfusion9downloads.php Version:...
Cross site scripting
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faqadmin.php or shoutboxpanel/shoutboxadmin.php...
Cross site scripting
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the catid parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043...
CVE-2020-12706
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faqadmin.php or shoutboxpanel/shoutboxadmin.php...
CVE-2020-12706
The CVE-2020-12706 issue affects PHP-Fusion 9.03.50, where multiple stored Cross-site Scripting vulnerabilities exist in the FAQ admin and shoutbox admin paths (faq/faq_admin.php and shoutbox_panel/shoutbox_admin.php) via the go parameter. Attackers can inject arbitrary scripts to the affected pa...
php-fusion 9.03.50 - Persistent Cross-Site Scripting
Exploit Title: php-fusion 9.03.50 - Persistent Cross-Site Scripting Google Dork: "php-fusion" Date: 2020-04-30 Exploit Author: SunCSR Sun Cyber Security Research Vendor Homepage: https://www.php-fusion.co.uk/ Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30...
Sql injection
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sortorder GET parameter on the members.php members search page. This parameter allows for control over anything after the...
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...
Cross site scripting
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags...
PHP-Fusion 9.03.50 Arbitrary File Upload
Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/files/PHP-Fusion%20Archives/9.x/PHP-Fusion%209.03.50.zip/download...
PHP-Fusion 9.03.50 - (Edit Profile) Arbitrary File Upload Vulnerability
Exploit for php platform in category web applications Exploit Title: PHP-Fusion 9.03.50 - 'Edit Profile' Arbitrary File Upload Date: 2020-04-24 Author: Besim ALTINOK Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link:...