CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0832 – PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0832
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. Vulnerabilidad de inyección SQL en items.php en el módulo E-Cart v1.3 para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "CA". • https://www.exploit-db.com/exploits/7698 http://www.securityfocus.com/archive/1/499835/100/0/threaded http://www.securityfocus.com/bid/33155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5946 – PHP-Fusion 4.01 - 'readmore.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5946
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. Vulnerabilidad de inyección SQL en readmore.php en PHP-Fusion 4.01 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro news_id. • https://www.exploit-db.com/exploits/32242 http://www.securityfocus.com/bid/30680 http://www.securityfocus.com/bid/30680/exploit https://exchange.xforce.ibmcloud.com/vulnerabilities/44456 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5733 – PHP-Fusion Mod TI - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5733
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en blog.php en Team Impact TI Blog System mod para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/7598 http://osvdb.org/51017 http://securityreason.com/securityalert/4814 http://www.securityfocus.com/archive/1/499583/100/0/threaded http://www.securityfocus.com/bid/33019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5335 – PHP-Fusion 7.00.1 - 'messages.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. Vulnerabilidad de inyección SQL en messages.php en PHP-Fusion v6.01.15 y v7.00.1, cuando magic_quotes_gpc se deshabilita, permitiría a atacantes remotos ejecutar comando SQL a su elección a traves de los parametros "subject" y "msg_send", es un vector diferente que CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, y CVE-2006-2459. • https://www.exploit-db.com/exploits/7173 http://osvdb.org/50065 http://secunia.com/advisories/32781 http://securityreason.com/securityalert/4688 http://www.php-fusion.co.uk/downloads.php?cat_id=19 http://www.php-fusion.co.uk/news.php?readmore=435 http://www.php-fusion.co.uk/news.php?readmore=436 http://www.securityfocus.com/bid/32388 http://www.vupen.com/english/advisories/2008/3248 https://exchange.xforce.ibmcloud.com/vulnerabilities/46760 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2008-5197 – PHP-Fusion Mod Classifieds - 'lid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5197
SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. Vulnerabilidad de inyección SQL en classifieds.php en PHP-Fusion permite a atacantes remotos ejecutar comandos arbitrarios SQL a través de parámetro lid en una acción detail_adverts. • https://www.exploit-db.com/exploits/5961 http://securityreason.com/securityalert/4640 http://www.securityfocus.com/bid/29995 https://exchange.xforce.ibmcloud.com/vulnerabilities/43561 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •