CVEDB API

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 4.00 Security Vulnerabilities

CVE-2005-3159

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.

CVSS Score

7.5

EPSS Score

0.004

Published

2005-10-06

CVE-2005-2783

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

CVSS Score

4.3

EPSS Score

0.004

Published

2005-09-02

CVE-2005-2401

PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.

CVSS Score

5.0

EPSS Score

0.004

Published

2005-07-27

CVE-2004-1723

The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.

CVSS Score

5.0

EPSS Score

0.003

Published

2004-12-31

Page 1

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 4.00 Security Vulnerabilities

Products

Pricing

Contact Us