CVEDB API

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 5.0 Security Vulnerabilities

CVE-2005-3159

SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.

CVSS Score

7.5

EPSS Score

0.004

Published

2005-10-06

CVE-2005-2783

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

CVSS Score

4.3

EPSS Score

0.004

Published

2005-09-02

CVE-2005-2401

PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.

CVSS Score

5.0

EPSS Score

0.004

Published

2005-07-27

CVE-2005-2075

PHP-Fusion 5.0 and 6.0 stores the database file with a predictable filename under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information via a direct request to the filename in the administration/db_backups directory in PHP-Fusion 6.0 or the fusion_admin/db_backups directory in 5.0.

CVSS Score

5.0

EPSS Score

0.034

Published

2005-06-29

CVE-2005-0692

Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript.

CVSS Score

4.3

EPSS Score

0.003

Published

2005-03-06

Page 1

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 5.0 Security Vulnerabilities

Products

Pricing

Contact Us