CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-28280

MEDIUM
6.1
CVSS Severity Score
EPSS Score0.0510%
EPSS Percentile5.02th
Published2021年4月29日
Last Modified2024年11月21日

Vulnerability Description

CSRF + Cross-site scripting (XSS) vulnerability in search.php in PHPFusion 9.03.110 allows remote attackers to inject arbitrary web script or HTML

Affected Platforms (CPE)

📦
Php Fusion

Phpfusion

= 9.03.110

References & Advisories

🔗 https://anotepad.com/notes/2skndayt
🔗 https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
🔗 https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6
🔗 https://github.com/PHPFusion/PHPFusion/commit/da9f89ae70219f357fba6fffd2dae1ec886d8a3b
🔗 https://github.com/PHPFusion/PHPFusion/commit/fda266c3bb35c650a8c4c51b6923abdfb66ef5cd
🔗 https://anotepad.com/notes/2skndayt
🔗 https://github.com/PHPFusion/PHPFusion/commit/08d6c2ea49bd06fcce32275252f5f25abe61965c
🔗 https://github.com/PHPFusion/PHPFusion/commit/1c2b32321cf11ed1cd3ff835f8da0d172c849ce6

相關漏洞威脅

CVE-2021-401897.2

PHPFusion 9.03.110 is affected by a remote code execution vulnerability. The theme function will extract a file to "webroot/themes...

CVE-2021-401887.2

PHPFusion 9.03.110 is affected by an arbitrary file upload vulnerability. The File Manager function in admin panel does not filter...

CVE-2020-359526.5

login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before 2020-12-30 generates error messages that distinguish between incorrec...

CVE-2020-369966.4

PHPFusion 9.03.50 contains a persistent cross-site scripting vulnerability in the print.php page that fails to properly sanitize u...