<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=1462084720533760&amp;ev=PageView&amp;noscript=1">
Virsec Security Research Lab

CVE-2020-35687: PHPFusion (Cross Site Request Forgery)

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1        Vulnerability Summary

PHPFusion version 9.03.90 is vulnerable to CSRF attack which leads to deletion of all shoutbox messages by the attacker on behalf of the logged in victim.


Watch the video to learn more about this and other important vulnerabilities.

1.2        CVSS Score

NVD Base score of this vulnerability is 4.3 Medium . CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N

1.3        Affected Version

PHPFusion version 9.03.90

1.4        Vulnerability Attribution

This vulnerability is reported by MITRE.

1.5        Risk Impact

PHP-Fusion is a free and open-source web framework based on PHP and MySQL that has an integrated content management system (CMS) among many other features.

Exploiting this vulnerability will allow attacker to delete all sensitive and critical shoutbox data.

Exploit is available in public domain here.

1.6        Virsec Security Platform (VSP) Support:

VSP-Web has capability that can detect all types of CSRF attack and prevent this attack from being exploited.

1.7        Reference Links:

Download the full vulnerability report to learn more about this and other important vulnerabilities.


Do you have a request for a vulnerability Virsec Security Research Lab to explore? Let us know!