CVSS: 6.0EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0831 – PHP-Fusion Mod Members CV (job) 1.0 - SQL Injection
https://notcve.org/view.php?id=CVE-2009-0831
SQL injection vulnerability in members.php in the Members CV (job) module 1.0 for PHP-Fusion, when magic_quotes_gpc is disabled, allows remote authenticated users to execute arbitrary SQL commands via the sortby parameter. Vulnerabilidad de inyección SQL en members.php en el módulo Members CV (job) v1.0 para PHP-Fusion, cuando magic_quotes_gpc no está activo, permite a usuarios remotos autenticados ejecutar comandos SQL de su elección a través del parámetro "sortby". • https://www.exploit-db.com/exploits/7697 http://secunia.com/advisories/33424 http://www.securityfocus.com/bid/33156 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2009-0832 – PHP-Fusion Mod E-Cart 1.3 - 'items.php' SQL Injection
https://notcve.org/view.php?id=CVE-2009-0832
SQL injection vulnerability in items.php in the E-Cart module 1.3 for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the CA parameter. Vulnerabilidad de inyección SQL en items.php en el módulo E-Cart v1.3 para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "CA". • https://www.exploit-db.com/exploits/7698 http://www.securityfocus.com/archive/1/499835/100/0/threaded http://www.securityfocus.com/bid/33155 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 3CVE-2008-5946 – PHP-Fusion 4.01 - 'readmore.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5946
SQL injection vulnerability in readmore.php in PHP-Fusion 4.01 allows remote attackers to execute arbitrary SQL commands via the news_id parameter. Vulnerabilidad de inyección SQL en readmore.php en PHP-Fusion 4.01 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro news_id. • https://www.exploit-db.com/exploits/32242 http://www.securityfocus.com/bid/30680 http://www.securityfocus.com/bid/30680/exploit https://exchange.xforce.ibmcloud.com/vulnerabilities/44456 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5733 – PHP-Fusion Mod TI - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5733
SQL injection vulnerability in blog.php in the Team Impact TI Blog System mod for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the id parameter. Vulnerabilidad de inyección SQL en blog.php en Team Impact TI Blog System mod para PHP-Fusion permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro id. • https://www.exploit-db.com/exploits/7598 http://osvdb.org/51017 http://securityreason.com/securityalert/4814 http://www.securityfocus.com/archive/1/499583/100/0/threaded http://www.securityfocus.com/bid/33019 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 2CVE-2008-5335 – PHP-Fusion 7.00.1 - 'messages.php' SQL Injection
https://notcve.org/view.php?id=CVE-2008-5335
SQL injection vulnerability in messages.php in PHP-Fusion 6.01.15 and 7.00.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the subject and msg_send parameters, a different vector than CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, and CVE-2006-2459. Vulnerabilidad de inyección SQL en messages.php en PHP-Fusion v6.01.15 y v7.00.1, cuando magic_quotes_gpc se deshabilita, permitiría a atacantes remotos ejecutar comando SQL a su elección a traves de los parametros "subject" y "msg_send", es un vector diferente que CVE-2005-3157, CVE-2005-3158, CVE-2005-3159, CVE-2005-4005, y CVE-2006-2459. • https://www.exploit-db.com/exploits/7173 http://osvdb.org/50065 http://secunia.com/advisories/32781 http://securityreason.com/securityalert/4688 http://www.php-fusion.co.uk/downloads.php?cat_id=19 http://www.php-fusion.co.uk/news.php?readmore=435 http://www.php-fusion.co.uk/news.php?readmore=436 http://www.securityfocus.com/bid/32388 http://www.vupen.com/english/advisories/2008/3248 https://exchange.xforce.ibmcloud.com/vulnerabilities/46760 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •