Vulnerabilities > PHP Fusion > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-26 | CVE-2008-5733 | SQL Injection vulnerability in PHP-Fusion Team Impact TI Blog System Module SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. | 7.5 |
| 2008-11-21 | CVE-2008-5197 | SQL Injection vulnerability in PHP-Fusion SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. | 7.5 |
| 2008-11-21 | CVE-2008-5196 | SQL Injection vulnerability in PHP-Fusion the Kroax Module SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. | 7.5 |
| 2008-11-14 | CVE-2008-5074 | SQL Injection vulnerability in PHP-Fusion Freshlinks Module 1.0 SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. | 7.5 |
| 2008-10-09 | CVE-2008-4527 | SQL Injection vulnerability in PHP-Fusion Recepies Module 1.1 SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. | 7.5 |
| 2008-10-09 | CVE-2008-4521 | SQL Injection vulnerability in PHP-Fusion World of Warcraft Tracker Infusion Module 2.0 SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. | 7.5 |
| 2007-10-03 | CVE-2007-5187 | SQL Injection vulnerability in PHP-Fusion Expanded Calendar Module and PHP-Fusion SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. | 7.5 |
| 2007-04-12 | CVE-2007-1978 | SQL-Injection vulnerability in PHP Fusion Arcade Module 1.00 SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. | 7.5 |
| 2007-04-03 | CVE-2007-1845 | SQL Injection vulnerability in PHP Fusion Expanded Calendar Module 2.0 SQL injection vulnerability in show_event.php in the Expanded Calendar (calendar_panel) 2.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the m_month parameter. | 7.5 |
| 2005-12-28 | CVE-2005-4517 | SQL-Injection vulnerability in PHP Fusion SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. | 7.5 |