Keir Davis X-Forum vulnerabilities
2 known vulnerabilities affecting keir_davis/x-forum.
Total CVEs
2
CISA KEV
0
Public exploits
2
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2009-1508P3HIGHCVSS 7.5PoCv0.6.22009-05-01
CVE-2009-1508 [HIGH] CWE-89 CVE-2009-1508: SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allow
SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php.
nvd
CVE-2009-1512P3MEDIUMCVSS 6.5PoCv0.6.22009-05-01
CVE-2009-1512 [MEDIUM] CWE-94 CVE-2009-1512: Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to i
Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php.
nvd