Vulnerabilities > PHP Fusion > PHP Fusion > 9.0
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-01-03 | CVE-2020-35952 | Unspecified vulnerability in PHP-Fusion login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. | 4.0 |
2020-08-12 | CVE-2020-17450 | Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS on the preview page. | 4.3 |
2020-08-12 | CVE-2020-17449 | Cross-site Scripting vulnerability in PHP-Fusion 9.0/9.00/9.03 PHP-Fusion 9.03 allows XSS via the error_log file. | 3.5 |
2019-05-14 | CVE-2019-12099 | Unrestricted Upload of File with Dangerous Type vulnerability in PHP-Fusion In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/Core.settings.inc mishandle executable files during avatar upload. | 9.0 |