Php Fusion

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2013-1804 1Php Fusion 1Php Fusion May 6, 2026 Apr 29, 2014 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authentica...Show more Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php; or remote authenticated users with certain permissions to inject arbitrary web script or HTML via the (2) user_list or (3) user_types parameter to messages.php; (4) message parameter to infusions/shoutbox_panel/shoutbox_admin.php; (5) message parameter to administration/news.php; (6) panel_list parameter to administration/panel_editor.php; (7) HTTP User Agent string to administration/phpinfo.php; (8) "__BBCODE__" parameter to administration/bbcodes.php; errorMessage parameter to (9) article_cats.php, (10) download_cats.php, (11) news_cats.php, or (12) weblink_cats.php in administration/, when error is 3; or (13) body or (14) body2 parameter to administration/articles.php.Show less
CVE-2012-6043 1Php Fusion 1Php Fusion Apr 29, 2026 Nov 26, 2012 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in downloads.php in PHP-Fusion 7.02.04 allows remote attackers to inject arbitrary web script or HTML via the cat_id parameter.
CVE-2010-4931 1Php Fusion 1Php Fusion Apr 29, 2026 Oct 9, 2011 N/A· v4 N/A· v3 10.0 HIGH· v2 Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed b...Show more Directory traversal vulnerability in maincore.php in PHP-Fusion allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the folder_level parameter. NOTE: this issue has been disputed by a reliable third partyShow less
CVE-2008-6850 1Php Fusion 1Php Fusion Apr 23, 2026 Jul 7, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2009-0831 1Php Fusion 1Members Cv Module Apr 23, 2026 Mar 5, 2009 N/A· v4 N/A· v3 6.0 MEDIUM· v2 SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby paramete...Show more SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter.Show less
CVE-2008-5946 1Php Fusion 1Php Fusion Apr 23, 2026 Jan 22, 2009 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter.
CVE-2008-5733 1Php Fusion 1Team Impact Ti Blog System Module Apr 23, 2026 Dec 26, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVE-2008-5335 1Php Fusion 1Php Fusion Apr 23, 2026 Dec 5, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a differ...Show more SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.Show less
CVE-2008-5197 1Php Fusion 1Php Fusion Apr 23, 2026 Nov 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action.
CVE-2008-5196 1Php Fusion 1The Kroax Module Apr 23, 2026 Nov 21, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVE-2008-5074 1Php Fusion 1Freshlinks Module Apr 23, 2026 Nov 14, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVE-2008-4527 1Php Fusion 1Recepies Module Apr 23, 2026 Oct 9, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these...Show more SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information.Show less
CVE-2008-4521 1Php Fusion 1World Of Warcraft Tracker Infusion Module Apr 23, 2026 Oct 9, 2008 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID p...Show more SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.Show less
CVE-2008-2227 1Php Fusion 1Forum Rank System Apr 23, 2026 May 14, 2008 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and...Show more Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.Show less
CVE-2008-1918 1Php Fusion 1Php Fusion Apr 23, 2026 Apr 23, 2008 N/A· v4 N/A· v3 6.0 MEDIUM· v2 SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands...Show more SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected.Show less
CVE-2007-5187 1Php Fusion 1Expanded Calendar Module Apr 23, 2026 Oct 3, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
CVE-2007-3559 1Php Fusion 1Php Fusion Apr 23, 2026 Jul 4, 2007 N/A· v4 N/A· v3 3.5 LOW· v2 Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or...Show more Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.Show less
CVE-2007-1978 1Php Fusion 1Arcade Module Apr 23, 2026 Apr 12, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
CVE-2007-1845 1Php Fusion 1Expanded Calendar Module Apr 23, 2026 Apr 3, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
CVE-2006-4673 1Php Fusion 1Php Fusion Apr 16, 2026 Sep 11, 2006 N/A· v4 N/A· v3 2.6 LOW· v2 Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOT...Show more Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.Show less

Previous 1 234 5 Next