Vulnerabilities > PHP Fusion

DATE CVE VULNERABILITY TITLE RISK

2008-11-14 CVE-2008-5074 SQL Injection vulnerability in PHP-Fusion Freshlinks Module 1.0
SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter.
network, low complexity | php-fusion CWE-89 | Risk: 7.5

2008-10-09 CVE-2008-4527 SQL Injection vulnerability in PHP-Fusion Recepies Module 1.1
SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action.
network, low complexity | php-fusion CWE-89 | Risk: 7.5

2008-10-09 CVE-2008-4521 SQL Injection vulnerability in PHP-Fusion World of Warcraft Tracker Infusion Module 2.0
SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter.
network, low complexity | php-fusion CWE-89 | Risk: 7.5

2008-05-14 CVE-2008-2227 Path Traversal vulnerability in PHP-Fusion Forum Rank System 6
Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a ..
network | php-fusion CWE-22 | Risk: 6.8

2008-04-23 CVE-2008-1918 SQL Injection vulnerability in PHP-Fusion 6.00.307/6.01.14
SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action.
network | php-fusion CWE-89 | Risk: 6.0

2007-10-03 CVE-2007-5187 SQL Injection vulnerability in PHP-Fusion Expanded Calendar Module and PHP-Fusion
SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter.
network, low complexity | php-fusion CWE-89 | Risk: 7.5

2007-07-04 CVE-2007-3559 Cross-Site Scripting vulnerability in PHP-Fusion 6.01.10/6.01.9
Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant.
network | php-fusion | Risk: 3.5

2007-04-12 CVE-2007-1978 SQL-Injection vulnerability in PHP Fusion Arcade Module 1.00
SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action.
network, low complexity | php-fusion | Risk: 7.5

2007-04-03 CVE-2007-1845 SQL Injection vulnerability in PHP Fusion Expanded Calendar Module 2.0
SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter.
network, low complexity | php-fusion | Risk: 7.5

2006-09-11 CVE-2006-4673 SQL Injection vulnerability in PHP-Fusion News.PHP
Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php.
network, high complexity | php-fusion | Risk: 2.6