Page 12 of 106 results (0.007 seconds)

CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in team.php in the Teams Structure module 3.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the team_id parameter. Vulnerabilidad de inyección SQL en team.php en el módulo Teams Structure v3.0 para PHP-Fusion, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro team_id • https://www.exploit-db.com/exploits/16004 http://osvdb.org/70451 http://secunia.com/advisories/42943 http://www.exploit-db.com/exploits/16004 http://www.securityfocus.com/bid/45826 https://exchange.xforce.ibmcloud.com/vulnerabilities/64727 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in books.php in the Book Panel (book_panel) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the bookid parameter. Vulnerabilidad de inyección SQL en books.php en el módulo Book Panel (book_panel) de PHP-Fusion permite a los atacantes remotos ejecutar a su elección comandos SQL a través del parámetro bookid. • https://www.exploit-db.com/exploits/8186 http://www.exploit-db.com/exploits/8186 http://www.securityfocus.com/bid/34049 https://exchange.xforce.ibmcloud.com/vulnerabilities/49160 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 3

SQL injection vulnerability in screen.php in the Download System mSF (dsmsf) module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the view_id parameter. Vulnerabilidad de inyección SQL en screen.php del módulo Download System mSF (dsmf) para PHP-Fusion, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "view_id". • https://www.exploit-db.com/exploits/12028 http://packetstormsecurity.org/0908-exploits/phpfusiondsmsf-sql.txt http://www.securityfocus.com/bid/36180 http://www.vupen.com/english/advisories/2009/2469 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0

Cross-site scripting (XSS) vulnerability in messages.php in PHP-Fusion 6.01.17 and 7.00.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en messages.php de PHP-Fusion v6.01.17 and v7.00.3, permite a usuarios remotos inyectar código web y HTML a su elección a través de vectores no especificados. • http://osvdb.org/51053 http://secunia.com/advisories/33295 http://www.php-fusion.co.uk/news.php?readmore=443 http://www.securityfocus.com/bid/33058 https://exchange.xforce.ibmcloud.com/vulnerabilities/47665 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 2

SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. Vulnerabilidad de inyección SQL en members.php en el módulo Members CV (job) v1.0 para PHP-Fusion, cuando magic_quotes_gpc no está activo, permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro "sortby". • https://www.exploit-db.com/exploits/7697 http://secunia.com/advisories/33424 http://www.securityfocus.com/bid/33156 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •