CVEDB API

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 4.01 Security Vulnerabilities

CVE-2005-3159

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.

CVSS Score

7.5

EPSS Score

0.004

Published

2005-10-06

CVE-2005-2783

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

CVSS Score

4.3

EPSS Score

0.004

Published

2005-09-02

CVE-2005-2401

PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.

CVSS Score

5.0

EPSS Score

0.004

Published

2005-07-27

CVE-2004-2437

SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.

CVSS Score

7.5

EPSS Score

0.006

Published

2004-12-31

CVE-2004-2438

Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.

CVSS Score

4.3

EPSS Score

0.003

Published

2004-12-31

Page 1

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 4.01 Security Vulnerabilities

Products

Pricing

Contact Us