108 matches found
EUVD-2021-27373
Malware in sbrugna...
EUVD-2020-23535
Malware in sbrugna...
EUVD-2021-27716
Malicious code in bioql PyPI...
EUVD-2023-33938
Malicious code in bioql PyPI...
EUVD-2022-42576
Malicious code in bioql PyPI...
CVE-2021-40188
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...
CVE-2020-35952
login.php in PHPFusion aka PHP-Fusion Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password i.e., not a single "Incorrect username or password" message in both cases, which might allow enumeration...
CVE-2020-35687
PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim...
CVE-2022-3152
Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20...
PHPFusion <= 9.10.30 Multiple Vulnerabilities
PHPFusion is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:php-fusion:php-fusion";...
CVE-2023-2453
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...
Design/Logic Flaw
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...
CVE-2023-2453
CVE-2023-2453 affects PHPFusion. The issue is insufficient sanitization of tainted file names directly concatenated with a path and passed to a require_once statement, allowing inclusion and execution of arbitrary .php files when the absolute path is known. The description notes there is no known...
CVE-2023-2453 Local file Inclusion (LFI) in Forum Infusion via Directory Traversal
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...
CVE-2023-2453 Local file Inclusion (LFI) in Forum Infusion via Directory Traversal
There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently passed to a ‘require_once’ statement. This allows arbitrary files with the ‘.php’ extension for which the absolute path is known to be included and executed. There are no known...
PHPFusion Path Traversal Vulnerability
PHPFusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHPFusion. The system contains modules for news, articles and forums. A security vulnerability exists in PHPFusion, which stems from the presence of outdated dependencies that allow an...
PHPFusion Security Vulnerability
PHPFusion is an open source lightweight content management system based on MySQL and PHP, from the Malaysian company PHPFusion. The system contains modules for news, articles and forums. A security vulnerability exists in PHPFusion that stems from inadequate cleanup of tainted filenames, allowing the...
PHPFusion 9.10.30 Cross Site Scripting
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
PHPFusion 9.10.30 - Stored Cross-Site Scripting Vulnerability
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...
PHPFusion 9.10.30 - Stored Cross-Site Scripting (XSS)
Exploit Title: PHPFusion 9.10.30 - Stored Cross-Site Scripting XSS Application: PHPFusion Version: 9.10.30 Bugs: XSS Technology: PHP Vendor URL: https://www.php-fusion.co.uk/home.php Software Link: https://sourceforge.net/projects/php-fusion/ Date of found: 28-04-2023 Author: Mirabbas Ağalarov...