CVE Tools

php-fusion

Web & CMS Pluginsoss-project

54

Cumulative CVEs

23

Monthly snapshots

#16

Peak rank

Top products

Latest CVEs

The 15 most recently published vulnerabilities affecting php-fusion.

CVE-2020-37152PHP-Fusion 9.03.50 panels.php - Cross-Site Scripting (XSS)6.1Feb 5, 2026
CVE-2020-37137PHP-Fusion 9.03.50 - 'panels.php' Eval Injection6.1Feb 5, 2026
CVE-2020-36996PHPFusion 9.03.50 - Persistent Cross-Site Scripting6.4Jan 30, 2026
CVE-2023-53928PHPFusion 9.10.30 Stored Cross-Site Scripting via File Manager Upload5.4Dec 17, 2025
CVE-2023-4480Arbitrary File Read in Fusion File Manager5.5Sep 5, 2023
CVE-2023-2453Local file Inclusion (LFI) in Forum Infusion via Directory Traversal8.8Sep 5, 2023
CVE-2021-3172An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.8.1Feb 17, 2023
CVE-2022-3152Unverified Password Change in phpfusion/phpfusion8.8Sep 7, 2022
BDU:2022-05045Уязвимость CMS-системы PHP-Fusion, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)7.4Aug 17, 2022
BDU:2022-05044Уязвимость CMS-системы PHP-Fusion, существующая из-за непринятия мер по защите структуры веб-страницы, позволяющая нарушителю провести атаку межсайтового скриптинга (XSS)6.8Aug 17, 2022
CVE-2014-8597A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.6.1Feb 17, 2022
CVE-2020-23754Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.9.6Nov 2, 2021
CVE-2021-40188PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter all PHP extensions such as ".php, .php7, .phtml, .php5, ...". An a...7.2Oct 11, 2021
CVE-2021-40189PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes/{Theme Folder], where an attacker can access and execute arbitrary...7.2Oct 11, 2021
CVE-2021-40541PHPFusion 9.03.110 is affected by cross-site scripting (XSS) in the preg patterns filter html tag without "//" in descript() function An authenticated user can trigger XSS by appending "//" in the ...6.1Oct 11, 2021