deviance - Security Researcher - Exploit Intelligence Platform

CVE-2021-28280 WRITEUP MEDIUM WRITEUP

PHPFusion 9.03.110 - XSS, CSRF

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

CVSS 6.1

View Code

CVE-2021-3172 WRITEUP HIGH WRITEUP

Php-fusion < 9.10.00 - Incorrect Permission Assignment

An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.

CVSS 8.1

View Code

CVE-2022-3152 WRITEUP HIGH WRITEUP

Php-fusion Phpfusion < 9.10.20 - Authentication Bypass

Unverified Password Change in GitHub repository phpfusion/phpfusion prior to 9.10.20.

CVSS 8.8

View Code