← Back

Fusionphp

fusionphp

4 CVEs • 2 products

Products (2)

Click to collapse
Toggle
Fusion News
fusion_news
3 CVEs
Fusion Polls
fusion_polls
1 CVE

CVEs (4)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2006-7003
1Fusionphp
1Fusion Polls
Apr 23, 2026
Feb 12, 2007
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
CVE-2006-4240
1Fusionphp
1Fusion News
Apr 16, 2026
Aug 21, 2006
N/A· v4
N/A· v3
7.5 HIGH· v2
PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
CVE-2006-3387
1Fusionphp
1Fusion News
Apr 16, 2026
Jul 6, 2006
N/A· v4
N/A· v3
5.1 MEDIUM· v2
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, whic...Show more
Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.Show less
CVE-2004-1703
1Fusionphp
1Fusion News
Apr 16, 2026
Jul 30, 2004
N/A· v4
8.8 HIGH· v3
7.5 HIGH· v2
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the adm...Show more
Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.Show less