CVSS: 9.8EPSS: 0%CPEs: 12EXPL: 3CVE-2006-4673 – PHP-Fusion 6.0.x - 'news.php' SQL Injection
https://notcve.org/view.php?id=CVE-2006-4673
11 Sep 2006 — Global variable overwrite vulnerability in maincore.php in PHP-Fusion 6.01.4 and earlier uses the extract function on the superglobals, which allows remote attackers to conduct SQL injection attacks via the _SERVER[REMOTE_ADDR] parameter to news.php. Vulnerabilidad de sobre escritura de variable global en maincore.php en PHP-Fusion 6.01.4 y anteriores utiliza la función extract sobre super globales, lo que permite a un atacante remoto conducir a ataques de inyección SQL a través del parámetro _SERVER[REMOTE... • https://www.exploit-db.com/exploits/28496 •
CVSS: 6.1EPSS: 0%CPEs: 26EXPL: 0CVE-2006-3555
https://notcve.org/view.php?id=CVE-2006-3555
13 Jul 2006 — Multiple cross-site scripting (XSS) vulnerabilities in submit.php in PHP-Fusion before 6.01.3 allow remote attackers to inject arbitrary web script or HTML by using edit_profile.php to upload a (1) avatar or (2) forum image attachment that has a .gif or .jpg extension, and begins with a GIF header followed by JavaScript code, which is executed by Internet Explorer. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en submit.php de PHP-Fusion before 6.01.3 permiten a atacantes rem... • http://php-fusion.co.uk/news.php •
CVSS: 8.8EPSS: 6%CPEs: 11EXPL: 2CVE-2006-2330 – PHP-Fusion 6.00.306 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2330
12 May 2006 — PHP-Fusion 6.00.306 and earlier, running under Apache HTTP Server 1.3.27 and PHP 4.3.3, allows remote authenticated users to upload files of arbitrary types using a filename that contains two or more extensions that ends in an assumed-valid extension such as .gif, which bypasses the validation, as demonstrated by uploading then executing an avatar file that ends in ".php.gif" and contains PHP code in EXIF metadata. • https://www.exploit-db.com/exploits/1760 •
CVSS: 9.8EPSS: 12%CPEs: 11EXPL: 2CVE-2006-2331 – PHP-Fusion 6.00.306 - Multiple Vulnerabilities
https://notcve.org/view.php?id=CVE-2006-2331
12 May 2006 — Multiple directory traversal vulnerabilities in PHP-Fusion 6.00.306 allow remote attackers to include and execute arbitrary local files via (1) a .. (dot dot) in the settings[locale] parameter in infusions/last_seen_users_panel/last_seen_users_panel.php, and (2) a .. (dot dot) in the localeset parameter in setup.php. NOTE: the vendor states that this issue might exist due to problems in third party local files. • https://www.exploit-db.com/exploits/1760 •
CVSS: 6.1EPSS: 0%CPEs: 18EXPL: 0CVE-2006-0593
https://notcve.org/view.php?id=CVE-2006-0593
08 Feb 2006 — Cross-site scripting (XSS) vulnerability in PHP-Fusion before 6.00.304 allows remote attackers to inject arbitrary web script or HTML via the (1) shout_name field in shoutbox_panel.php and the (2) comments field in comments_include.php. • http://secunia.com/advisories/18949 •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3739
https://notcve.org/view.php?id=CVE-2005-3739
22 Nov 2005 — Unspecified vulnerability in subheader.php in PHP-Fusion 6.00.206 and earlier allows remote attackers to obtain the full path via unspecified vectors. Vulnerabilidad no especificada en subheader.php de PHP-Fusion 6.00.206 y anteriores permite a atacantes remotos obtener la ruta completa mediante vectores no especificados. • http://myblog.it-security23.net/advisories/advisory-6.txt •
CVSS: 9.8EPSS: 1%CPEs: 1EXPL: 2CVE-2005-3740
https://notcve.org/view.php?id=CVE-2005-3740
22 Nov 2005 — Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.206 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter to options.php or (2) lastvisited parameter to viewforum.php. Múltiples vulnerabilidades de inyección de SQL en PHP-Fusion 6.00.206 y anteriores permiten a atacantes remotos ejecutar comandos SQL de su elección mediante (1) el parámetro "forum_id" de options.php, o (2) el parámetro "lastvisited" de viewforum.php. • http://myblog.it-security23.net/advisories/advisory-6.txt •