CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5196 – PHP-Fusion Mod Kroax 4.42 - 'category' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5196
21 Nov 2008 — SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter. Vulnerabilidad de inyección SQL en kroax.php en el módulo Kroax (the_kroax) v4.42 y anteriores de PHP-Fusion permite a atacantes remotos ejecutar comandos arbitrarios SQL a través de parámetro category. • https://www.exploit-db.com/exploits/5942 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-5197 – PHP-Fusion Mod Classifieds - 'lid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5197
21 Nov 2008 — SQL injection vulnerability in classifieds.php in PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the lid parameter in a detail_adverts action. Vulnerabilidad de inyección SQL en classifieds.php en PHP-Fusion permite a atacantes remotos ejecutar comandos arbitrarios SQL a través de parámetro lid en una acción detail_adverts. • https://www.exploit-db.com/exploits/5961 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5074 – PHP-Fusion Mod freshlinks - 'linkid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5074
14 Nov 2008 — SQL injection vulnerability in index.php in the Freshlinks 1.0 RC1 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the linkid parameter. Vulnerabilidad de inyección SQL en index.php en el módulo Freshlinks v1.0 RC1 para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "linkid". • https://www.exploit-db.com/exploits/6620 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4521 – PHP-Fusion Mod raidtracker_panel - 'INFO_RAID_ID' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4521
09 Oct 2008 — SQL injection vulnerability in thisraidprogress.php in the World of Warcraft tracker infusion (raidtracker_panel) module 2.0 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the INFO_RAID_ID parameter. Vulnerabilidad de inyección SQL en el archivo thisraidprogress.php en el módulo World of Warcraft tracker infusion (raidtracker_panel) 2.0 para PHP-Fusion que permite a los atacante remotos ejecutar arbitariamente comandos SQL a través del parámetro INFO_RAID_ID. • https://www.exploit-db.com/exploits/6682 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2008-4527 – PHP-Fusion Mod recept - 'kat_id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-4527
09 Oct 2008 — SQL injection vulnerability in recept.php in the Recepies (Recept) module 1.1 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the kat_id parameter in a kategorier action. NOTE: some of these details are obtained from third party information. Vulnerabilidad de inyección SQL en recept.php en el modulo Recepies (Recept) 1.1 para PHP-Fusion que permite a atacantes remotos ejecutar comandos SQL a su elección a través de el parámetro "kat_id" en una acción Kategorier. NOTA: algunos de... • https://www.exploit-db.com/exploits/6683 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 1%CPEs: 1EXPL: 3CVE-2008-2227 – Forum Rank System 6 - 'settings['locale']' Multiple Local File Inclusions
https://notcve.org/view.php?id=CVE-2008-2227
14 May 2008 — Multiple directory traversal vulnerabilities in PHP-Fusion Forum Rank System 6 allow remote attackers to include and execute arbitrary local files via a .. (dot dot) in the settings[locale] parameter to (1) forum.php and (2) profile.php in infusions/rank_system/. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de Salto de Directorio en PHP-Fusion Forum Rank System 6 permiten a atacantes remotos incluir y ejecutar a... • https://www.exploit-db.com/exploits/31752 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.8EPSS: 1%CPEs: 2EXPL: 3CVE-2008-1918 – PHP-Fusion 6.01.14 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2008-1918
22 Apr 2008 — SQL injection vulnerability in submit.php in PHP-Fusion 6.01.14 and 6.00.307, when magic_quotes_gpc is disabled and the database table prefix is known, allows remote authenticated users to execute arbitrary SQL commands via the submit_info[] parameter in a link submission action. NOTE: it was later reported that 7.00.2 is also affected. Vulnerabilidad de inyección SQL en el archivo submit.php en PHP-Fusion versiones 6.01.14 y 6.00.307, cuando magic_quotes_gpc está deshabilitado y se conoce el prefijo de la ... • https://www.exploit-db.com/exploits/5470 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-5187 – PHP-Fusion module Expanded Calendar 2.x - SQL Injection
https://notcve.org/view.php?id=CVE-2007-5187
03 Oct 2007 — SQL injection vulnerability in infusions/calendar_events_panel/show_single.php in the Expanded Calendar 2.x module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the sel parameter. Vulnerabilidad de inyección SQL en infusions/calendar_events_panel/show_single.php del módulo Expanded Calendar 2.x para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro sel. • https://www.exploit-db.com/exploits/4475 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2007-3559
https://notcve.org/view.php?id=CVE-2007-3559
04 Jul 2007 — Cross-site scripting (XSS) vulnerability in infusions/shoutbox_panel/shoutbox_panel.php in PHP-Fusion 6.01.10 and 6.01.9, when guest posts are enabled, allows remote authenticated users to inject arbitrary web script or HTML via the URI, related to the FUSION_QUERY constant. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en infusions/shoutbox_panel/shoutbox_panel.php en PHP-Fusion 6.01.10 y 6.01.9, cuando los mensajes de invitados están habilitados, permite a atacantes remotos inyectar se... • http://osvdb.org/36342 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2007-1978 – PHP-Fusion Module Arcade 1.0 - 'cid' SQL Injection
https://notcve.org/view.php?id=CVE-2007-1978
12 Apr 2007 — SQL injection vulnerability in index.php in the Arcade 1.00 module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the cid parameter in a view_game_list action. Vulnerabilidad de inyección SQL en index.php en el módulo Arcade 1.00 para PHP-Fusion permite a atacantes remotos ejecutar comandos sql de su elección mediante el parámetro cid en una acción view_game_list. • https://www.exploit-db.com/exploits/3640 •