PHP-Fusion 9.03.50

Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted request to the server and perform remote command execution (RCE).

Published: 2020-09-03T13:51:12.000Z
Updated: 2024-08-04T15:26:08.691Z

A stored cross site scripting (XSS) vulnerability in administration/settings_main.php of PHP-Fusion 9.03.50 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the "Site footer" field.

Published: 2021-07-02T17:51:07.000Z
Updated: 2024-08-04T14:58:14.495Z

An issue exists in PHP-Fusion 9.03.50 where session cookies are not deleted once a user logs out, allowing for an attacker to perform a session replay attack and impersonate the victim user.

Published: 2021-07-02T17:51:05.000Z
Updated: 2024-08-04T14:58:14.437Z

A SQL injection vulnerability in PHP-Fusion 9.03.50 affects the endpoint administration/comments.php via the ctype parameter,

Published: 2020-06-21T23:04:40.000Z
Updated: 2024-08-04T13:00:52.019Z

In administration/comments.php in PHP-Fusion 9.03.50, an authenticated attacker can take advantage of a stored XSS vulnerability in the Preview Comment feature. The protection mechanism can be bypassed by using HTML event handlers such as ontoggle.

Published: 2020-05-07T23:29:26.000Z
Updated: 2024-08-04T12:04:22.777Z

Multiple cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the cat_id parameter to downloads/downloads.php or article.php. NOTE: this might overlap CVE-2012-6043.

Published: 2020-05-07T19:07:58.000Z
Updated: 2024-08-04T12:04:22.504Z

Multiple Cross-site scripting vulnerabilities in PHP-Fusion 9.03.50 allow remote attackers to inject arbitrary web script or HTML via the go parameter to faq/faq_admin.php or shoutbox_panel/shoutbox_admin.php

Published: 2020-05-07T19:09:20.000Z
Updated: 2024-08-04T12:04:22.857Z

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.

Published: 2020-04-29T16:14:26.000Z
Updated: 2024-08-04T11:56:52.071Z

An XSS vulnerability exists in the banners.php page of PHP-Fusion 9.03.50. This can be exploited because the only security measure used against XSS is the stripping of SCRIPT tags. A malicious actor can use HTML event handlers to run JavaScript instead of using SCRIPT tags.

Published: 2020-04-28T20:51:35.000Z
Updated: 2024-08-04T11:56:51.815Z