GCVE - cpe:2.3:a:php-fusion:phpfusion:9.03.50:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:php-fusion:phpfusion:9.03.50:*:*:*:*:*:*:*

part: a version: 9.03.50 update: *

Vendor	Php Fusion (`9882a299-fb6b-5a33-aa4e-52dbde0ad700`)
Product	Phpfusion (`4ddda480-2c76-53da-9a0d-8b9160bf9351`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:github/phpfusion/phpfusion`	purl2cpe	2026-06-01 10:15:01.240069
`pkg:sourceforge/product/php-fusion`	purl2cpe	2026-06-01 10:15:01.240071

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2020-37152`	vulnerable	2026-06-08 05:25:50.253120	PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS) PHP-Fusion 9.03.50 panels.php is vulnerable to cross-site scripting (XSS) via the 'panel_content' POST parameter. The application fails to properly sanitize user input before rendering it in the browser, allowing attackers to inject arbitrary JavaScript. This can be exploited by submitting crafted input to the 'panel_content' field in panels.php, resulting in execution of malicious scripts in the context of the affected site. Published: 2026-02-05T16:13:42.999Z Updated: 2026-03-05T01:28:16.741Z Open on db.gcve.eu Reference links https://www.php-fusion.co.uk/ https://www.exploit-db.com/exploits/48299 https://www.vulncheck.com/advisories/php-fusion-panelsphp-cross-site-scripting-xss	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-37137`	vulnerable	2026-06-08 05:25:50.228001	PHP-Fusion 9.03.50 - 'panels.php' Eval Injection MEDIUM (6.1) PHP-Fusion 9.03.50 contains a remote code execution vulnerability in the 'add_panel_form()' function that allows attackers to execute arbitrary code through an eval() function with unsanitized POST data. Attackers can exploit the vulnerability by sending crafted panel_content POST parameters to the panels.php administration endpoint to execute malicious code. Published: 2026-02-05T16:13:37.832Z Updated: 2026-02-05T20:37:15.390Z Open on db.gcve.eu Reference links https://www.exploit-db.com/exploits/48278 https://www.php-fusion.co.uk https://www.vulncheck.com/advisories/php-fusion-panelsphp-eval-injection	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-23754`	vulnerable	2026-06-08 05:22:32.089000	Details available Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature. Published: 2021-11-02T17:45:17.000Z Updated: 2024-08-04T15:05:11.126Z Open on db.gcve.eu Reference links https://github.com/php-fusion/PHP-Fusion/issues/2315 https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.