Searching php fusion software vulnerabilities


The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message.


The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password.


SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php.


Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field.


viewthread.php in PHP-Fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.


Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded JavaScript.


Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.


PHP-Fusion allows remote attackers to inject arbitrary Cascading Style Sheets (CSS) via the BBCode color tag.


Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and earlier allows remote attackers to inject arbitrary web script or HTML via nested, malformed URL BBCode tags.


SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159.


SQL injection vulnerability in messages.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the msg_view parameter, a different vulnerability than CVE-2005-3157 and CVE-2005-3158.


Multiple SQL injection vulnerabilities in photogallery.php in PHP-Fusion allow remote attackers to execute arbitrary SQL commands via the (1) album and (2) photo parameters.


Multiple SQL injection vulnerabilities in PHP-Fusion before 6.00.110 allow remote attackers to execute arbitrary SQL commands via (1) the activate parameter in register.php and (2) the cat_id parameter in faq.php.


Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors.


Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php.


SQL injection vulnerability in messages.php in PHP-Fusion 6.00.307 and earlier allows remote authenticated users to execute arbitrary SQL commands via the srch_where parameter.


PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.


PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.


SQL injection vulnerability in index.php in the Topliste 1.0 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter.


Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.


Software vulnerabilities results 1 to 20 of 2800