Shodan
Vulnerabilities
Vulnerable Software
Php Fusion:  Security Vulnerabilities
CVE-2005-2401
PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.
CVSS Score
5.0
EPSS Score
0.004
Published
2005-07-27
CVE-2005-2074
Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-06-29
CVE-2005-2075
PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.
CVSS Score
5.0
EPSS Score
0.034
Published
2005-06-29
CVE-2005-0345
viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.
CVSS Score
5.0
EPSS Score
0.04
Published
2005-05-02
CVE-2005-0829
Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.
CVSS Score
4.3
EPSS Score
0.004
Published
2005-05-02
CVE-2005-0692
Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.
CVSS Score
4.3
EPSS Score
0.003
Published
2005-03-06
CVE-2004-1723
The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.
CVSS Score
5.0
EPSS Score
0.003
Published
2004-12-31
CVE-2004-2437
SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-12-31
CVE-2004-2438
Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.
CVSS Score
4.3
EPSS Score
0.003
Published
2004-12-31
CVE-2004-1724
The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.
CVSS Score
7.5
EPSS Score
0.036
Published
2004-08-18


Products
Pricing
Contact Us

Shodan ® - All rights reserved