Fusionphp : Security Vulnerabilities, CVEs,

CVE-2006-7003

PHP remote file inclusion vulnerability in admin/index.php in Fusion Polls allows remote attackers to execute arbitrary PHP code via a URL in the xtrphome parameter.
Max CVSS
7.5
EPSS Score
0.45%
Published
2007-02-12
Updated
2008-09-05

CVE-2006-4240

PHP remote file inclusion vulnerability in index.php in Fusion News 3.7 allows remote attackers to execute arbitrary PHP code via a URL in the fpath parameter.
Max CVSS
7.5
EPSS Score
12.02%
Published
2006-08-21
Updated
2017-07-20

CVE-2006-3387

Directory traversal vulnerability in sources/post.php in Fusion News 1.0, when register_globals is enabled, allows remote attackers to include arbitrary files via a .. (dot dot) sequence in the fil_config parameter, which can be used to execute PHP code that has been injected into a log file.
Max CVSS
5.1
EPSS Score
1.43%
Published
2006-07-06
Updated
2017-10-19

CVE-2004-1703

Fusion News 3.6.1 allows remote attackers to add user accounts, if the administrator is logged in, via a comment that contains an img bbcode tag that calls index.php with the signup action, which is executed when the administrator's browser loads the page with the img tag.
Max CVSS
8.8
EPSS Score
0.52%
Published
2004-07-30
Updated
2024-02-08
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close