glFusion/glfusion

glFusion/glfusion

GitHubGitHub
GitHubgithub.com
www.glfusion.orgwww.glfusion.org
Unavailable
This project is no longer available (or publicly accessible) from GitHub
Releases32
Frequency3 months 1 week
Last Release
Stars3
glFusion CMS - Advanced Content Management with Style
Log in to subscribe

CVE History

CVEPublishedCVSS v3CVSS v2
CVE-2021-44942
4.3 MEDIUM4.3 MEDIUM

glFusion CMS 1.7.9 is affected by a Cross Site Request Forgery (CSRF) vulnerability in /public_html/admin/plugins/bad_behavior2/blacklist.php. Using the CSRF vulnerability to trick the administrator to click, an attacker can add a blacklist.

CVE-2021-44949
9.8 CRITICAL7.5 HIGH

glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php.

CVE-2021-44935
9.1 CRITICAL6.4 MEDIUM

glFusion CMS v1.7.9 is affected by an arbitrary user impersonation vulnerability in /public_html/comment.php. The attacker can complete the attack remotely without interaction.

CVE-2021-44937
5.3 MEDIUM5 MEDIUM

glFusion CMS v1.7.9 is affected by an arbitrary user registration vulnerability in /public_html/users.php. An attacker can register with the mailbox of any user. When users want to register, they will find that the mailbox has been occupied.