Known Vulnerabilities for products from Php-fusion
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Php-fusion".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-35252 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-35243 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-35232 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34315 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34305 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34294 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34292 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34291 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34290 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-34289 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2023-4480 json | Due to an out-of-date dependency in the “Fusion File Manager” component accessible through the admin panel, an attacker ... | 5.5 - MEDIUM | 2023-09-05 | 2023-09-08 |
| CVE-2023-2453 json | There is insufficient sanitization of tainted file names that are directly concatenated with a path that is subsequently pass... | 8.8 - HIGH | 2023-09-05 | 2023-09-08 |
| CVE-2022-3152 json | Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20. | 8.8 - HIGH | 2022-09-07 | 2022-09-12 |
| CVE-2021-40541 json | PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() ... | 6.1 - MEDIUM | 2021-10-11 | 2021-10-15 |
| CVE-2021-40189 json | PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/t... | 7.2 - HIGH | 2021-10-11 | 2021-10-19 |
| CVE-2021-40188 json | PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not f... | 7.2 - HIGH | 2021-10-11 | 2021-10-18 |
| CVE-2021-28280 json | CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitra... | 6.1 - MEDIUM | 2021-04-29 | 2022-04-25 |
| CVE-2021-3172 json | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.1 - HIGH | 2023-02-17 | 2023-08-08 |
| CVE-2020-35952 json | login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between inc... | 6.5 - MEDIUM | 2021-01-03 | 2021-01-11 |
| CVE-2020-35687 json | PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on be... | 4.3 - MEDIUM | 2021-01-13 | 2021-02-02 |
Known software with vulnerabilities from Php-fusion
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Php-fusion | Expanded Calendar Module | - |
| Application | Php-fusion | Freshlinks Module | 1.0 |
| Application | Php-fusion | Php-fusion | - |
| Application | Php-fusion | Phpfusion | 8.00.40 |
| Application | Php-fusion | Recepies Module | 1.1 |
| Application | Php-fusion | Team Impact Ti Blog System Module | - |
| Application | Php-fusion | World Of Warcraft Tracker Infusion Module | 2.0 |