Vulnerabilities > PHP Fusion > PHP Fusion > 6.00.206

DATE CVE VULNERABILITY TITLE RISK
2006-07-13 CVE-2006-3555 HTML Injection vulnerability in PHP-Fusion Avatar Image
Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer.
network
php-fusion
5.8
5.8
2006-05-12 CVE-2006-2331 Local File Include vulnerability in PHP-Fusion
Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a ..
network
low complexity
php-fusion
6.4
6.4
2006-05-12 CVE-2006-2330 Local File Include vulnerability in PHP-Fusion
PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata.
network
low complexity
php-fusion
6.4
6.4
2006-02-08 CVE-2006-0593 Cross-Site Scripting vulnerability in PHP-Fusion
Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php.
network
php-fusion
4.3
4.3
2005-12-28 CVE-2005-4517 SQL-Injection vulnerability in PHP Fusion
SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.
network
low complexity
php-fusion
7.5
7.5
2005-12-28 CVE-2005-4516 Cross-Site Scripting vulnerability in PHP-Fusion Members.PHP
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.
network
php-fusion
4.3
4.3