CMS

PHP-Fusion

PHP-Fusion is a light-weight open-source content management system (CMS) written in PHP 5. It utilises a MySQL database to store your site content and includes a simple comprehensive administration system. PHP-Fusion includes the most common features you would expect to see in many other CMS packages.

Official Site:

https://www.php-fusion.co.uk/maintenance.php

Severity Summary:

High: 9 Medium: 24 Low: 1

Reference

Title

Severity

CVE-2014-8596

PHPFusion Multiple SQL Injection Vulnerabilities

High

CVE-2020-12461

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

High

CVE-2008-5946

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

High

CVE-2019-12099

PHPFusion Code Execution Vulnerability

High

CVE-2013-1803

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

High

CVE-2013-7375

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

High

CVE-2021-3172

PHP-Fusion Incorrect Permission Assignment for Critical Resource Vulnerability

High

CVE-2020-14960

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

High

CVE-2020-24949

PHP-Fusion Improper Privilege Management Vulnerability

High

CVE-2008-6850

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-23178

PHP-Fusion Authentication Bypass by Capture-replay Vulnerability

Medium

CVE-2020-23179

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-23181

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-23182

PHP-Fusion URL Redirection to Untrusted Site (Open Redirect) Vulnerability

Medium

CVE-2020-23184

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-23185

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-23702

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2008-1918

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Medium

CVE-2008-5335

PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability

Medium

CVE-2012-6043

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-12718

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2013-1804

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2013-1806

PHP-Fusion Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability

Medium

CVE-2020-23658

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-17450

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-17449

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2015-8375

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-35952

PHP-Fusion Vulnerability

Medium

CVE-2020-12438

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium

CVE-2020-15041

PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability

Medium