CVEDB API

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 6.00.100 Security Vulnerabilities

CVE-2006-3555

Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.

CVSS Score

5.8

EPSS Score

0.005

Published

2006-07-13

CVE-2006-0593

Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.

CVSS Score

4.3

EPSS Score

0.006

Published

2006-02-08

CVE-2005-3160

Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.

CVSS Score

7.5

EPSS Score

0.004

Published

2005-10-06

CVE-2005-3161

Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.

CVSS Score

7.5

EPSS Score

0.011

Published

2005-10-06

Page 1

Vulnerabilities

Vulnerable Software

Php Fusion: >> Php Fusion >> 6.00.100 Security Vulnerabilities

Products

Pricing

Contact Us