
108 matches found

Prion
added 2021/10/11 7:15 p.m., 9 views

Remote code execution

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/Theme Folder", where an attacker can access and execute arbitrary code...

CVSS 6.5, AI score 7.5, EPSS 0.01953
Exploits: 1, References: 1, Affected Software: 1
Prion
added 2021/10/11 7:15 p.m., 17 views

Privilege escalation

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...

CVSS 6.5, AI score 7.2, EPSS 0.00833
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/11 6:41 p.m., 11 views

CVE-2021-40188

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server...

AI score 7.5, EPSS 0.00833
Exploits: 1, References: 1
CVE
added 2021/10/11 6:41 p.m., 42 views

CVE-2021-40188

CVE-2021-40188 (PHPFusion 9.03.110) is an arbitrary file upload vulnerability. The Admin File Manager fails to filter PHP extensions (e.g., .php, .php7, .phtml, .php5), allowing an attacker to upload a malicious file and execute code on the server. Affected software: PHPFusion 9.03.110. Root caus...

CVSS 7.2, AI score 7.2, EPSS 0.00833
Exploits: 1, References: 1, Affected Software: 1
CVE
added 2021/10/11 6:27 p.m., 43 views

CVE-2021-40189

CVE-2021-40189 affects PHPFusion 9.03.110. The vulnerability arises in the theme upload mechanism: the theme function can extract files to webroot/themes/{Theme Folder}, enabling an attacker to access and execute arbitrary code on the server. Connected sources (NVD/CNVD/CNNVD) describe remote cod...

CVSS 7.2, AI score 7.5, EPSS 0.01953
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/11 6:27 p.m., 10 views

CVE-2021-40189

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/Theme Folder", where an attacker can access and execute arbitrary code...

AI score 7.7, EPSS 0.01953
Exploits: 1, References: 1
OSV
added 2021/10/11 2:15 p.m., 0 views

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

CVSS 6.1, AI score 6.3
Exploits: 0, References: 1
NVD
added 2021/10/11 2:15 p.m., 14 views

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

CVSS 6.1, EPSS 0.00455
Exploits: 1, References: 1
Prion
added 2021/10/11 2:15 p.m., 10 views

Cross site scripting

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

CVSS 4.3, AI score 5.8, EPSS 0.00455
Exploits: 1, References: 1, Affected Software: 1
Cvelist
added 2021/10/11 1:16 p.m., 10 views

CVE-2021-40541

PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript function. An authenticated user can trigger XSS by appending "//" in the end of text...

AI score 5.9, EPSS 0.00455
Exploits: 1, References: 1
CVE
added 2021/10/11 1:16 p.m., 39 views

CVE-2021-40541

CVE-2021-40541 affects PHPFusion 9.03.110. The vulnerability is an XSS in the descript() function, triggered when an authenticated user appends "//" at the end of text, due to how the preg filter handles HTML tags. The available sources (NVD, CNVD, CVE List) describe the issue; no exploitation de...

CVSS 6.1, AI score 5.7, EPSS 0.00455
Exploits: 1, References: 1, Affected Software: 1
CNNVD
added 2021/10/11 12:0 a.m., 1 views

Phpfusion Code Issue Vulnerability

PHPFusion is a lightweight open source content management system. An arbitrary file upload vulnerability exists in PHPFusion version 9.03.110. The vulnerability stems from the File Manager feature in the admin panel not filtering PHP extensions. An attacker can exploit this vulnerability to uploa...

CVSS 7.2, AI score 7.6, EPSS 0.00833
Exploits: 1, References: 1
CNNVD
added 2021/10/11 12:0 a.m., 2 views

Phpfusion Cross-Site Scripting Vulnerability

PHPFusion is a lightweight open source content management system. A cross-site scripting vulnerability exists in the descript function in PHPFusion version 9.03.110. An attacker could exploit this vulnerability by appending "//" to the end of the text to conduct a cross-site scripting attack...

CVSS 6.1, AI score 5.9, EPSS 0.00455
Exploits: 1, References: 2
CNNVD
added 2021/10/11 12:0 a.m., 1 views

PHPFusion Code Issue Vulnerability

PHPFusion is a lightweight open source content management system. A remote code execution vulnerability exists in PHPFusion version 9.03.110. The vulnerability can be exploited to achieve remote code execution by inserting malicious php code or php files into a zip file and uploading it to the...

CVSS 7.2, AI score 7.9, EPSS 0.01953
Exploits: 1, References: 1
CNVD
added 2021/07/08 12:0 a.m., 19 views

PHPFusion Cross-Site Scripting Vulnerability (CNVD-2021-57462)

PHPFusion is a lightweight open source content management system. PHPFusion version 9.03.60 is vulnerable to a cross-site scripting vulnerability. An attacker can exploit this vulnerability to conduct cross-site scripting attacks via 'New Shout' in /infusions/shoutboxpanel/shoutboxadmin.php...

CVSS 4.8, AI score 3, EPSS 0.00235
Exploits: 1, References: 1
OpenVAS
added 2021/05/31 12:0 a.m., 12 views

PHPFusion < 9.03.60 RCE Vulnerability - Active Check

PHPFusion is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS 9, AI score 9, EPSS 0.91365
Exploits: 4, References: 1
Packet Storm
added 2021/05/28 12:0 a.m., 549 views

PHPFusion 9.03.50 Remote Code Execution

Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...

CVSS 9, AI score 8.8, EPSS 0.91365
Exploits: 4
Exploit DB
added 2021/05/28 12:0 a.m., 734 views

PHPFusion 9.03.50 - Remote Code Execution

Exploit Title: PHPFusion 9.03.50 - Remote Code Execution Date: 20/05/2021 Exploit Author: g0ldm45k Vendor Homepage: https://www.php-fusion.co.uk/home.php Software Link: https://www.php-fusion.co.uk/infusions/downloads/downloads.php?catid=30&downloadid=606 Version: 9.03.50 Tested on: Docker + Debi...

CVSS 9, AI score 8.8, EPSS 0.91365
Exploits: 4
CNVD
added 2021/05/12 12:0 a.m., 7 views

Phpfusion Cross-Site Scripting Vulnerability

Phpfusion is a lightweight content management system from Phpfusion UK. PHPFusion 9.03.110 suffers from a cross-site scripting vulnerability that can be exploited by an attacker to inject arbitrary web script or HTML...

CVSS 6.1, AI score 6, EPSS 0.00412
Exploits: 1, References: 1
OpenVAS
added 2021/05/03 12:0 a.m., 12 views

PHPFusion < 9.03.100 Multiple Vulnerabilities

PHPFusion is prone to multiple vulnerabilities. Copyright (C) 2021 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...

CVSS 6.5, AI score 7, EPSS 0.00288
Exploits: 4, References: 2