Vulnerabilities > PHP Fusion
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2010-06-11 | CVE-2009-4889 | SQL Injection vulnerability in Basti2Web Book Panel SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. | 7.5 |
| 2009-09-09 | CVE-2009-3119 | SQL Injection vulnerability in X-Iweb.Ru Download System MSF SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. | 7.5 |
| 2009-07-07 | CVE-2008-6850 | Cross-Site Scripting vulnerability in PHP-Fusion 6.01.17/7.00.3 Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |
| 2009-03-05 | CVE-2009-0832 | SQL Injection vulnerability in Ausimods E-Cart 1.3 SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. | 7.5 |
| 2009-03-05 | CVE-2009-0831 | SQL Injection vulnerability in PHP-Fusion Members CV Module 1.0 SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. | 6.0 |
| 2009-01-22 | CVE-2008-5946 | SQL Injection vulnerability in PHP-Fusion 4.01 SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. | 7.5 |
| 2008-12-26 | CVE-2008-5733 | SQL Injection vulnerability in PHP-Fusion Team Impact TI Blog System Module SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-12-05 | CVE-2008-5335 | SQL Injection vulnerability in PHP-Fusion 6.01.15/7.00.1 SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. | 6.8 |
| 2008-11-21 | CVE-2008-5197 | SQL Injection vulnerability in PHP-Fusion SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | 7.5 |
| 2008-11-21 | CVE-2008-5196 | SQL Injection vulnerability in PHP-Fusion the Kroax Module SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |