Known Vulnerabilities for products from Php-fusion

Listed below are 20 of the newest known vulnerabilities associated with the vendor "Php-fusion".

These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.

Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.

Known Vulnerabilities

CVE Shortened Description Severity Publish Date Last Modified
CVE-2026-32542 Not Provided 2026-03-25 2026-03-25
CVE-2026-25472 Not Provided 2026-02-19 2026-04-01
CVE-2025-58965 Not Provided 2025-09-22 2026-04-01
CVE-2025-31549 Not Provided 2025-03-31 2026-04-01
CVE-2024-37962 Not Provided 2024-12-19 2026-04-01
CVE-2024-32796 Not Provided 2024-04-24 2026-04-01
CVE-2024-27972 Not Provided 2024-04-03 2026-04-01
CVE-2021-40541 PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() ... 6.1 - MEDIUM 2021-10-11 2021-10-15
CVE-2021-40189 PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/t... 7.2 - HIGH 2021-10-11 2021-10-19
CVE-2021-40188 PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not f... 7.2 - HIGH 2021-10-11 2021-10-18
CVE-2021-28280 CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitra... 6.1 - MEDIUM 2021-04-29 2022-04-25
CVE-2021-3172 ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... 8.1 - HIGH 2023-02-17 2023-08-08
CVE-2020-35952 login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between inc... 6.5 - MEDIUM 2021-01-03 2021-01-11
CVE-2020-35687 PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on be... 4.3 - MEDIUM 2021-01-13 2021-02-02
CVE-2020-24949 Privilege escalation in PHP-Fusion 9.03.50 downloads/downloads.php allows an authenticated user (not admin) to send a crafted... 8.8 - HIGH 2020-09-03 2021-07-21
CVE-2020-23754 Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attacker... 9.6 - CRITICAL 2021-11-02 2021-11-03
CVE-2020-23702 Cross Site Scripting (XSS) vulnerability in PHP-Fusion 9.03.60 via 'New Shout' in /infusions/shoutbox_panel/shoutbox_admin.ph... 4.8 - MEDIUM 2021-07-07 2021-07-12
CVE-2020-23658 PHP-Fusion 9.03.60 is affected by Cross Site Scripting (XSS) via infusions/member_poll_panel/poll_admin.php. 5.4 - MEDIUM 2020-08-26 2020-09-01
CVE-2020-23185 A stored cross site scripting (XSS) vulnerability in /administration/setting_security.php of PHP-Fusion 9.03.60 allows authen... 5.4 - MEDIUM 2021-07-02 2021-07-06
CVE-2020-23184 A stored cross site scripting (XSS) vulnerability in /administration/settings_registration.php of PHP-Fusion 9.03.60 allows a... 5.4 - MEDIUM 2021-07-02 2021-07-06
Results limited to 20 most recent vulnerabilities

Known software with vulnerabilities from Php-fusion

Type Vendor Product Version
ApplicationPhp-fusionExpanded Calendar Module-
ApplicationPhp-fusionFreshlinks Module1.0
ApplicationPhp-fusionPhpfusion8.00.40
ApplicationPhp-fusionPhp-fusion-
ApplicationPhp-fusionRecepies Module1.1
ApplicationPhp-fusionTeam Impact Ti Blog System Module-
ApplicationPhp-fusionWorld Of Warcraft Tracker Infusion Module2.0