glFusion CMS v1.7.9 is affected by a reflected Cross Site Scripting (XSS) vulnerability. The value of the title request parameter is copied into the value of an HTML tag attribute which is encapsulated in double quotation marks. This input was echoed unmodified in the application's response.
Max CVSS
6.1
EPSS Score
0.08%
Published
2022-09-29
Updated
2022-09-30
glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.
Max CVSS
9.8
EPSS Score
0.30%
Published
2021-12-14
Updated
2021-12-15
glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.
Max CVSS
5.3
EPSS Score
0.08%
Published
2021-12-14
Updated
2022-07-12
glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.
Max CVSS
9.1
EPSS Score
0.21%
Published
2021-12-14
Updated
2021-12-15
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
Max CVSS
7.5
EPSS Score
0.12%
Published
2010-04-22
Updated
2018-10-10
glFusion before 1.1.3 performs authentication with a user-provided password hash instead of a password, which allows remote attackers to gain privileges by obtaining the hash and using it in the glf_password cookie, aka "User Masquerading." NOTE: this can be leveraged with a separate SQL injection vulnerability to steal hashes.
Max CVSS
6.8
EPSS Score
0.48%
Published
2009-04-09
Updated
2017-09-29
SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.
Max CVSS
7.5
EPSS Score
0.48%
Published
2009-04-09
Updated
2017-09-29
7 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!