CyberSec.Space Logo
Back to CVE Browser

CVE-2020-23754

CRITICAL
9.6
CVSS Severity Score
EPSS Score0.1450%
EPSS Percentile27.02th
PublishedNov 2, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Cross Site Scripting (XSS) vulnerability in infusions/member_poll_panel/poll_admin.php in PHP-Fusion 9.03.50, allows attackers to execute arbitrary code, via the polls feature.

Affected Platforms (CPE)

πŸ“¦
Php Fusion

Phpfusion

= 9.03.50

References & Advisories

πŸ”— https://github.com/php-fusion/PHP-Fusion/issues/2315
πŸ”— https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG
πŸ”— https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG
πŸ”— https://github.com/php-fusion/PHP-Fusion/issues/2315
πŸ”— https://user-images.githubusercontent.com/62001260/81574006-6fb70480-93cf-11ea-814c-55a96d2fe95e.PNG
πŸ”— https://user-images.githubusercontent.com/62001260/81574112-9412e100-93cf-11ea-9493-615a70162034.PNG

Related Vulnerabilities

CVE-2021-401897.2

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes...

CVE-2021-401887.2

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter...

CVE-2020-359526.5

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrec...

CVE-2020-369966.4

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize u...