Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo

CMS

PHP-Fusion

PHP-Fusion is a light-weight open-source content management system (CMS) written in PHP 5. It utilises a MySQL database to store your site content and includes a simple comprehensive administration system. PHP-Fusion includes the most common features you would expect to see in many other CMS packages.

Official Site:

https://www.php-fusion.co.uk/maintenance.php

Severity Summary:

High: 9 Medium: 24 Low: 1
Reference
Title
Severity
CVE-2014-8596
PHPFusion Multiple SQL Injection Vulnerabilities
High
CVE-2020-12461
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2008-5946
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2019-12099
PHPFusion Code Execution Vulnerability
High
CVE-2013-1803
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2013-7375
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2021-3172
PHP-Fusion Incorrect Permission Assignment for Critical Resource Vulnerability
High
CVE-2020-14960
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
High
CVE-2020-24949
PHP-Fusion Improper Privilege Management Vulnerability
High
CVE-2008-6850
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23178
PHP-Fusion Authentication Bypass by Capture-replay Vulnerability
Medium
CVE-2020-23179
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23181
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23182
PHP-Fusion URL Redirection to Untrusted Site (Open Redirect) Vulnerability
Medium
CVE-2020-23184
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23185
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-23702
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2008-1918
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2008-5335
PHP-Fusion Improper Neutralization of Special Elements used in an SQL Command (SQL Injection) Vulnerability
Medium
CVE-2012-6043
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-12718
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-1804
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2013-1806
PHP-Fusion Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) Vulnerability
Medium
CVE-2020-23658
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-17450
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-17449
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2015-8375
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-35952
PHP-Fusion Vulnerability
Medium
CVE-2020-12438
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium
CVE-2020-15041
PHP-Fusion Improper Neutralization of Input During Web Page Generation (Cross-site Scripting) Vulnerability
Medium