EUVD-2020-16400

Malware in sbrugna...

EUVD-2004-1718

Malware in sbrugna...

Unspecified Vulnerability in PHP-Fusion

PHP-Fusion is a Malaysian company PHP-Fusion open source lightweight content management system based on MySql and PHP . The system contains modules such as news, articles and forums. PHP-Fusion suffers from a security vulnerability that stems from a session cookie not being deleted when a user lo...

CVE-2019-12099

In PHP-Fusion 9.03.00, editprofile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/formfileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload...

PHP-Fusion BBCode IMG Tag XSS

The remote host is running a version of PHP-Fusion that does not sufficiently sanitize JavaScript code. Specifically, an attacker can inject JavaScript code that bypasses the filters in 'fusioncore.php' by HTML-encoding it. This code will then be executed in the context of a user's browser when...

PHP-Fusion 5.0 - BBCode IMG Tag Script Injection

source: https://www.securityfocus.com/bid/12751/info PHP-Fusion is reported prone to a script injection vulnerability. This issue is due to the application failing to properly sanitize user-supplied input prior to including it in dynamically generated content. An attacker can supply ASCII...