CVE-2020-12461

Name: Websites susceptible to CVE-2020-12461
Creator: WebTechSurvey

CVE-2020-12461

PHP-Fusion 9.03.50 allows SQL Injection because maincore.php has an insufficient protection mechanism. An attacker can develop a crafted payload that can be inserted into the sort_order GET parameter on the members.php members search page. This parameter allows for control over anything after the ORDER BY clause in the SQL query.

We have discovered 79 live websites that are affected by CVE-2020-12461.

Run a Free Instant Scan

Affected Software


Product	PHPFusion
Category	Content Management System
Vulnerable Domains	79 live websites (44% of PHPFusion install base)
Vulnerable Versions	from 0 through 9.3.50
Vulnerable Versions Count	11 versions ( 55% of all versions)

Available Reports

Website List

Details

Published - Apr 29, 2020
Updated - Aug 4, 2024

CVE References

Website Distribution by Country

Number of websites using CVE-2020-12461

United States	11 websites

Netherlands	16 websites
Germany	13 websites
GB	12 websites
Poland	11 websites
Denmark	3 websites
Czech Republic	2 websites
Slovakia	2 websites
Belgium	1 websites
China	1 websites

Website Distribution by TLD

Number of websites using CVE-2020-12461

.eu	13 websites
.com	11 websites
.de	10 websites
.nl	8 websites
.pl	7 websites
.co.uk	5 websites
.dk	4 websites
.org	3 websites
.info	2 websites
.net	2 websites

Vulnerable Versions

Vulnerable versions are highlighted in red

Websites affected by CVE-2020-12461

Top websites that are affected by CVE-2020-12461. Please click on the "Contact us" link to get more information.

Domain	Country	Rank
*****.**.org	Netherlands	,,*
*****.*.la	Laos	,,*
********..uk	GB	,,*
*********.com	France	,,*
******.ro	Romania	,,*
*********.pl	Poland	,,*
**********.eu	Czech Republic	,,*
******.*****.eu	Poland	,,*
*.**********.nl	Netherlands	,,*
**************.nl	Netherlands	,,**