Shodan
Vulnerabilities
Vulnerable Software
Php-Fusion:  >> Php-Fusion  Security Vulnerabilities
CVE-2020-23658
PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-26
CVE-2020-17449
PHP-Fusion 9.03 allows XSS via the error_log file.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-08-12
CVE-2020-17450
PHP-Fusion 9.03 allows XSS on the preview page.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-08-12
CVE-2020-15041
PHP-Fusion 9.03.60 allows XSS via the administration/site_links.php Add Site Link field.
CVSS Score
4.8
EPSS Score
0.002
Published
2020-06-24
CVE-2020-14960
A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,
CVSS Score
7.2
EPSS Score
0.012
Published
2020-06-22
CVE-2020-12718
In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-05-08
CVE-2020-12706
Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php
CVSS Score
5.4
EPSS Score
0.014
Published
2020-05-07
CVE-2020-12708
Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.
CVSS Score
6.1
EPSS Score
0.002
Published
2020-05-07
CVE-2020-12461
PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.
CVSS Score
8.8
EPSS Score
0.001
Published
2020-04-29
CVE-2020-12438
An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-04-28


Products
Pricing
Contact Us

Shodan ® - All rights reserved