#Apache tomcat 7.0.59 vulnerabilities code#
In PHP-Fusion 9.03.00, edit_profile.php allows remote authenticated users to execute arbitrary code because includes/dynamics/includes/form_fileinput.php and includes/classes/PHPFusion/Installer/Lib/ mishandle executable files during avatar upload.
PHP-Fusion 9.03 allows XSS via the error_log file. PHP-Fusion 9.03 allows XSS on the preview page. Login.php in PHPFusion (aka PHP-Fusion) Andromeda 9.x before generates error messages that distinguish between incorrect username and incorrect password (i.e., not a single "Incorrect username or password" message in both cases), which might allow enumeration. An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature.
0 kommentar(er)
