252 matches found
phpBB 路径遍历漏洞
phpBB is an open-source web forum software based on the PHP language. This software supports multiple languages, various databases, and custom layout designs. phpBB has a path traversal vulnerability, which stems from an arbitrary file upload vulnerability. This vulnerability could allow verified...
EUVD-2018-21752
MyBB Last User's Threads in Profile Plugin 1.2 contains a persistent cross-site scripting vulnerability that allows attackers to inject malicious scripts by crafting thread subjects with script tags. Attackers can create threads with script payloads in the subject field that execute when users...
Xenforo 代码注入漏洞
Xenforo is a forum software developed by the Xenforo company. Versions of XenForo prior to 2.3.7 had a code injection vulnerability. This vulnerability stemmed from improper restrictions on methods that could be called within templates, allowing unauthorized method calls to occur...
EUVD-2026-10422
flarum/nicknames extension has display name injection in notification emails autolink & markdown...
CVE-2026-25923 Phar Deserialization leading to Arbitrary File Deletion in my little forum
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
CVE-2026-25923
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file disguised as JPEG via the image...
my little forum 代码问题漏洞
My Little Forum is an open-source online forum system based on PHP and MySQL. Versions prior to 20260208.1 had code vulnerabilities; these vulnerabilities stemmed from URL validation not filtering the phar protocol, which could lead to arbitrary file deletion...
CVE-2018-25132
MyBB Trending Widget Plugin 1.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious scripts through thread titles. Attackers can modify thread titles with script payloads that will execute when other users view the trending widget...
Thread Redirect plugin for MyBB – Cross-site scripting vulnerabilities
The Thread Redirect plugin for MyBB is a plugin developed by Jamie Sage, an individual developer. The Thread Redirect plugin for MyBB version 0.2.1 has a cross-site scripting vulnerability. This vulnerability stems from improper cleaning of custom text input fields, which may lead to cross-site...
CVE-2023-43187
A remote code execution RCE vulnerability in the xmlrpc.php endpoint of NodeBB Inc NodeBB forum software prior to v1.18.6 allows attackers to execute arbitrary code via crafted XML-RPC requests...
EUVD-2023-60241
MyBB 1.8.32 contains a chained vulnerability that allows authenticated administrators to bypass avatar upload restrictions and execute arbitrary code. Attackers can modify upload path settings, upload a malicious PHP-embedded image file, and execute commands through the language configuration...
EUVD-2025-35589
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
CVE-2025-62606
CVE-2025-62606 affects My Little Forum (PHP/MySQL). Before version 2.5.12, an authenticated SQL injection vulnerability exists in the bookmark reordering feature, allowing any logged-in user to execute arbitrary SQL commands. This can lead to a full compromise of the application’s database (read,...
CVE-2025-62606 my little forum vulnerable to SQL Injection in Bookmark Reordering via bookmarks parameter
my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to version 2.5.12, an authenticated SQL injection vulnerability in the bookmark reordering feature allows any logged-in user to execute arbitrary SQL commands. This can lead to a...
EUVD-2021-2408
Malware in sbrugna...
EUVD-2021-2372
Malware in sbrugna...
EUVD-2008-5150
Malware in sbrugna...
EUVD-2005-2902
Malware in sbrugna...
EUVD-2021-2354
Malware in sbrugna...
EUVD-2025-16667
Malicious code in bioql PyPI...