CVEDB API

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 6.0.107 Security Vulnerabilities

CVE-2006-4673

Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.

CVSS Score

2.6

EPSS Score

0.006

Published

2006-09-11

CVE-2006-3555

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

CVSS Score

5.8

EPSS Score

0.005

Published

2006-07-13

CVE-2005-2783

Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.

CVSS Score

4.3

EPSS Score

0.004

Published

2005-09-02

Page 1

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 6.0.107 Security Vulnerabilities

Products

Pricing

Contact Us