150 matches found
Cross site scripting
A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter...
Cross site scripting
A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...
CVE-2021-27519
A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter...
CVE-2021-27519
CVE-2021-27519 – FUDForum 3.1.0 Cross-Site Scripting Affected software: FUDForum 3.1.0. Issue: an XSS vulnerability exists in index.php where user input in the “srch” parameter is not properly sanitized, allowing remote attackers to inject JavaScript. Impact: as described, successful exploitation...
CVE-2021-27520
CVE-2021-27520 is a documented XSS vulnerability in FUDForum 3.1.0. The issue allows an attacker to inject JavaScript via index.php when supplying the author parameter, potentially enabling script execution in the context of other users and, as described in connected data, may lead to cookie-base...
CVE-2021-27520
A cross-site scripting XSS issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter...
FUDForum 跨站脚本漏洞
FUDforum is an open source forum system built on PHP+MySQL/PostgreSQL. A cross-site scripting vulnerability exists in FUDForum 3.1.0. An attacker can exploit this vulnerability to inject JavaScript via the srch parameter in index.php...
FUDForum 跨站脚本漏洞
FUDforum is an open source forum system built on PHP+MySQL/PostgreSQL. A cross-site scripting vulnerability exists in FUDForum 3.1.0. An attacker can exploit this vulnerability to inject JavaScript via the author parameter in index.php...
CVE-2013-2267
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system...
Code injection
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system...
CVE-2013-2267
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system...
CVE-2013-2267
FUDforum 3.0.4 and earlier are affected by a PHP code injection in /adm/admreplace.php due to insufficient validation of POST parameters regex_str, regex_str_opt and regex_with, allowing remote attackers to inject and execute arbitrary PHP code on the server with web server privileges (CWE-94). T...
FUDForum Remote Code Execution (CVE-2019-18873)
A remote code execution vulnerability exists in FUDForum. Successful exploitation could result in execution of arbitrary code on the affected system...
FUDForum Cross-Site Scripting Vulnerability
FUDforum is an open source forum system built on PHP+MySQL/PostgreSQL. FUDForum 3.0.9 suffers from a stored cross-site scripting vulnerability that can be exploited by an attacker to achieve remote code execution via the nlogin parameter...
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
Design/Logic Flaw
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP file...
CVE-2019-18839
CVE-2019-18839 affects FUDForum 3.0.9. The vulnerability is a Stored XSS through the nlogin parameter, which can lead to remote code execution. An attacker can abuse a normal user account to fully compromise the system by sending a POST request; when an admin views the user information, the paylo...
FUDForum 3.0.9 - Remote Code Execution
FUDForum 3.0.9 - Remote Code Execution Exploit Title : FUDForum 3.0.9 - Remote Code Execution Date: 2019-10-26 Exploit Author: liquidsky JMcPeters Vulnerable Software: FUDForum 3.0.9 Vendor Homepage: https://sourceforge.net/projects/fudforum/ Version: 3.0.9 Software Link:...