PHPFusion 9.03.110
Approved changes feed: RSS · Atom
cpe:2.3:a:php-fusion:phpfusion:9.03.110:*:*:*:*:*:*:*
part: a version: 9.03.110 update: *
| Vendor | Php Fusion (9882a299-fb6b-5a33-aa4e-52dbde0ad700) |
|---|---|
| Product | Phpfusion (4ddda480-2c76-53da-9a0d-8b9160bf9351) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:github/phpfusion/phpfusion |
purl2cpe | 2026-06-01 10:15:01.240060 |
pkg:sourceforge/product/php-fusion |
purl2cpe | 2026-06-01 10:15:01.240061 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2021-40541 |
vulnerable | 2026-06-08 05:35:18.798303 |
Details available
PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the end of text.
Published: 2021-10-11T13:16:45.000Z
Updated: 2024-08-04T02:44:10.845Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40189 |
vulnerable | 2026-06-08 05:35:17.333617 |
Details available
PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary code.
Published: 2021-10-11T18:27:33.000Z
Updated: 2024-08-04T02:27:31.850Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-40188 |
vulnerable | 2026-06-08 05:35:17.333126 |
Details available
PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An attacker can upload a malicious file and execute code on the server.
Published: 2021-10-11T18:41:31.000Z
Updated: 2024-08-04T02:27:31.872Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2021-28280 |
vulnerable | 2026-06-08 05:31:23.767297 |
Details available
CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML
Published: 2021-04-29T14:57:23.000Z
Updated: 2024-08-03T21:40:13.139Z Reference links
|
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.