VYPR

FusionDirectory

by Fusiondirectory

Source repositories

CVEs (3)

  • CVE-2025-32807MedApr 11, 2025
    risk 0.27cvss 5.3epss 0.01

    A path traversal vulnerability in FusionDirectory before 1.5 allows remote attackers to read arbitrary files on the host that end with .png (and .svg or .xpm for some configurations) via the icon parameter of a GET request to geticon.php.

  • CVE-2022-36179Nov 22, 2022
    risk 0.00cvss epss 0.01

    Fusiondirectory 1.3 suffers from Improper Session Handling.

  • CVE-2022-36180Nov 22, 2022
    risk 0.00cvss epss 0.01

    Fusiondirectory 1.3 is vulnerable to Cross Site Scripting (XSS) via /fusiondirectory/index.php?message=[injection], /fusiondirectory/index.php?message=invalidparameter&plug={Injection], /fusiondirectory/index.php?signout=1&message=[injection]&plug=106.