Ilia Alshanetsky Fudforum vulnerabilities
6 known vulnerabilities affecting ilia_alshanetsky/fudforum.
Total CVEs
6
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3LOW1
Vulnerabilities
Page 1 of 1
CVE-2002-1422P4MEDIUMCVSS 5.0PoCv1.2.8v1.9.8+1 more2003-04-11
CVE-2002-1422 [MEDIUM] CVE-2002-1422: admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-enc
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
nvd
CVE-2002-1423P4MEDIUMCVSS 5.0PoCv1.2.8v1.9.8+1 more2003-04-11
CVE-2002-1423 [MEDIUM] CVE-2002-1423: tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolut
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
nvd
CVE-2005-2781P3HIGHCVSS 7.5v2.1.0v2.1.1+37 more2005-09-02
CVE-2005-2781 [HIGH] CVE-2005-2781: The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which a
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
nvd
CVE-2002-1421P4HIGHCVSS 7.5v1.2.8v1.9.8+1 more2003-04-11
CVE-2002-1421 [HIGH] CVE-2002-1421: SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorize
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
nvd
CVE-2005-2600P4MEDIUMCVSS 5.0v2.6.152005-08-17
CVE-2005-2600 [MEDIUM] CVE-2005-2600: FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupw
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
nvd
CVE-2013-5309P4LOWCVSS 2.6v1.2.8v1.9.8+41 more2013-08-16
CVE-2013-5309 [LOW] CWE-79 CVE-2013-5309: Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
nvd