CVE-2020-35687

MEDIUM

Php-fusion Phpfusion - CSRF

Title source: rule

Description

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.

Exploits (1)

exploitdb WORKING POC

by Mohamed Oosman · htmlwebappsphp

https://www.exploit-db.com/exploits/49426

View Code ZIP pw:eip

References (2)

[Exploit, Issue Tracking, Third Party Advisory] https://github.com/PHPFusion/PHPFusion/issues/2347

[Exploit, Third Party Advisory, VDB Entry] https://www.exploit-db.com/exploits/49426

Scores

CVSS v3 4.3

EPSS 0.0012

EPSS Percentile 31.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

Details

CWE

CWE-352

Status published

Products (1)

php-fusion/phpfusion 9.03.90

Published Jan 13, 2021

Tracked Since Feb 18, 2026