Php-Fusion: >> Php-Fusion >> 7.00.1 Security Vulnerabilities
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2009-03-05
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS Score
7.5
EPSS Score
0.002
Published
2008-12-26
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459.
CVSS Score
6.8
EPSS Score
0.008
Published
2008-12-05
SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-11-21
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
CVSS Score
7.5
EPSS Score
0.001
Published
2008-11-14
Page 2