CVSS: 9.8EPSS: 12%CPEs: 11EXPL: 2CVE-2006-2331 – PHP-Fusion 6.00.306 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2331
12 May 2006 — Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files. • https://www.exploit-db.com/exploits/1760 •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2006-0593
https://notcve.org/view.php?id=CVE-2006-0593
08 Feb 2006 — Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. • http://secunia.com/advisories/18949 •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2005-4655
https://notcve.org/view.php?id=CVE-2005-4655
31 Dec 2005 — Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>". • http://archives.neohapsis.com/archives/bugtraq/2005-10/0272.html •
CVSS: 6.1EPSS: 7%CPEs: 6EXPL: 2CVE-2005-4516 – PHP-Fusion 6.0 - 'members.php' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2005-4516
28 Dec 2005 — Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags. • https://www.exploit-db.com/exploits/26872 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 1CVE-2005-4517 – PHP-Fusion 6.00.3 - 'rating' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4517
28 Dec 2005 — SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php. • https://www.exploit-db.com/exploits/1385 •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2005-4005 – PHP-Fusion 6.0.109 - 'messages.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-4005
05 Dec 2005 — SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to obtain path information and possibly execute arbitrary SQL commands via the srch_text parameter in a Search and Sort option to messages.php. • https://www.exploit-db.com/exploits/26706 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3739
https://notcve.org/view.php?id=CVE-2005-3739
22 Nov 2005 — Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. Vulnerabilidad no especificada en subheader.php de PHP-Fusion 6.00.206 y anteriores permite a atacantes remotos obtener la ruta completa mediante vectores no especificados. • http://myblog.it-security23.net/advisories/advisory-6.txt •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2005-3740
https://notcve.org/view.php?id=CVE-2005-3740
22 Nov 2005 — Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. Múltiples vulnerabilidades de inyección de SQL en PHP-Fusion 6.00.206 y anteriores permiten a atacantes remotos ejecutar comandos SQL de su elección mediante (1) el parámetro "forum_id" de options.php, o (2) el parámetro "lastvisited" de viewforum.php. • http://myblog.it-security23.net/advisories/advisory-6.txt •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2005-3157 – PHP-Fusion 6.00.109 - 'msg_send' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3157
06 Oct 2005 — SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 allows remote attackers to execute arbitrary SQL commands via the msg_send parameter, a different vulnerability than CVE-2005-3158 and CVE-2005-3159. • https://www.exploit-db.com/exploits/1237 •
CVSS: 9.8EPSS: 1%CPEs: 2EXPL: 1CVE-2005-3158
https://notcve.org/view.php?id=CVE-2005-3158
06 Oct 2005 — SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and 6.00.107 allows remote attackers to execute arbitrary SQL commands via the (1) pm_email_notify and (2) pm_save_sent parameters, a different vulnerability than CVE-2005-3157 and CVE-2005-3159. • http://marc.info/?l=bugtraq&m=112801702000944&w=2 •