php_fusion CVE 脆弱性と CVE 一覧(28)

製品(CPE): — CVE 件数: 28

php_fusion 脆弱性概要

This page aggregates publicly disclosed CVE and security risk information related to php_fusion, with CVSS, EPSS, publication dates, and vulnerability intelligence data to help assess potential risk and remediation priority.

脆弱性分布の推移(直近24か月)

表示中 2128 / 28 CVE 件数
«« 先頭 « 前へ 2 / 2 次へ »
CVE 概要 ソース CVSS 最大値 EPSS(%) 公開 更新
CVE-2005-2074 Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows remote attackers to inject arbitrary web script or HTML via a news or article post, possibly involving the (1) news_body, (2) article_description, or (3) article_body parameters to submit.php. [email protected] 4.3 1.18% 2005-06-29 2026-06-16
CVE-2005-0829 Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters. [email protected] 4.3 1.69% 2005-05-02 2026-06-16
CVE-2005-0345 viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter. [email protected] 5.0 2.83% 2005-05-02 2026-06-16
CVE-2005-0692 Cross-site scripting (XSS) vulnerability in fusion_core.php for PHP-Fusion 5.x allows remote attackers to inject arbitrary web script or HTML via a message with IMG bbcode containing character-encoded Javascript. [email protected] 4.3 1.16% 2005-03-06 2026-06-16
CVE-2004-2438 Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows remote attackers to inject arbitrary web script or HTML via the (1) Submit News, (2) Submit Link or (3) Submit Article field. [email protected] 4.3 1.18% 2004-12-31 2026-06-16
CVE-2004-2437 SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the rowstart parameter to (1) index.php or (2) members.php, or (3) the comment_id parameter to comments.php. [email protected] 7.5 1.21% 2004-12-31 2026-06-16
CVE-2004-1723 The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion 4.00 allow remote attackers to obtain sensitive information via a direct HTTP request, which reveals the installation path in an error message. [email protected] 5.0 1.21% 2004-12-31 2026-06-16
CVE-2004-1724 The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the permissions on the fusion_admin/db_backups directory to world read/write/execute (777), which allows remote attackers to download or view database backups, which have easily guessable filenames and contain the administrator username and password. [email protected] 7.5 6.93% 2004-08-18 2026-06-16
«« 先頭 « 前へ 2 / 2 次へ »
cvelogic Threat Intelligence