Vulnerabilities > Phpfox > Phpfox > 3.6.0

DATE CVE VULNERABILITY TITLE RISK
2023-11-03 CVE-2023-46817 Deserialization of Untrusted Data vulnerability in PHPfox
An issue was discovered in phpFox before 4.8.14.
network
low complexity
phpfox CWE-502
critical
 9.8
9.8
2013-08-14 CVE-2013-5121 SQL Injection vulnerability in PHPfox 3.6.0
SQL injection vulnerability in PHPFox before 3.6.0 (build6) allows remote attackers to execute arbitrary SQL commands via the search[sort_by] parameter to user/browse/view_/.
network
low complexity
phpfox CWE-89
7.5
7.5
2013-08-14 CVE-2013-5120 SQL Injection vulnerability in PHPfox 3.6.0
SQL injection vulnerability in PHPFox before 3.6.0 (build4) allows remote attackers to execute arbitrary SQL commands via the search[gender] parameter to user/browse/view_/.
network
low complexity
phpfox CWE-89
7.5
7.5