252 matches found
CVE-2021-43786
Nodebb is an open source Node.js based forum software. In affected versions incorrect logic present in the token verification step unintentionally allowed master token access to the API. The vulnerability has been patch as of v1.18.5. Users are advised to upgrade as soon as possible...
CVE-2025-29460
An issue in MyBB 1.8.38 allows a remote attacker to obtain sensitive information via the Add Mycode function. NOTE: the Supplier disputes this because of the allowed actions of Board administrators and because of SSRF mitigation...
WordPress plugin WP w3all phpBB 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
CVE-2022-36076
NodeBB Forum Software is powered by Node.js and supports either Redis, MongoDB, or a PostgreSQL database. Due to an unnecessarily strict conditional in the code handling the first step of the SSO process, the pre-existing logic that added and later checked a nonce was inadvertently rendered opt-i...
CVE-2022-24734
MyBB is a free and open source forum software. In affected versions the Admin CP's Settings management module does not validate setting types correctly on insertion and update, making it possible to add settings of supported type php with PHP code, executed on on Change Settings pages. This resul...
CVE-2022-46164
NodeBB is an open source Node.js based forum software. Due to a plain object with a prototype being used in socket.io message handling a specially crafted payload can be used to impersonate other users and takeover accounts. This vulnerability has been patched in version 2.6.1. Users are advised ...
CVE-2022-39265
MyBB is a free and open source forum software. The Mail Settings → Additional Parameters for PHP's mail function mailparameters setting value, in connection with the configured mail program's options and behavior, may allow access to sensitive information and Remote Code Execution RCE. The...
CVE-2024-51492
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
CVE-2024-51492 Zusam vulnerable to stored XSS, allowing token theft via crafted SVG
Zusam is a free and open-source way to self-host private forums. Prior to version 0.5.6, specially crafted SVG files uploaded to the service as images allow for unrestricted script execution on raw image load. With certain payloads, theft of the target user’s long-lived session token is possible...
SMF 安全漏洞
SMF Simple Machines Forum is a free, open source community forum project from Simple Machines Open Source. A security vulnerability exists in SMF version 2.1.4 that stems from manipulation of the parameter aid resulting in improper control of resource identifiers...
CVE-2024-5733
A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file registerme.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. The exploit has been...
CVE-2024-23335
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2024-23336
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...
CVE-2024-23335 Backups directory .htaccess deletion in. MyBB
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2024-23335 Backups directory .htaccess deletion in. MyBB
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2024-23335
CVE-2024-23335 affects MyBB prior to 1.8.38. The backup management module in Admin CP may accept ".htaccess" as the backup file name, potentially exposing stored backups over HTTP on Apache servers. The fixed version is MyBB 1.8.38. Remediation: upgrade to 1.8.38 (no public workarounds documented...
CVE-2024-23335 Backups directory .htaccess deletion in. MyBB
MyBB is a free and open source forum software. The backup management module of the Admin CP may accept .htaccess as the name of the backup file to be deleted, which may expose the stored backup files over HTTP on Apache servers. MyBB 1.8.38 resolves this issue. Users are advised to upgrade. There...
CVE-2024-23336
CVE-2024-23336 concerns MyBB (prior to 1.8.38) where the default Disallowed Remote Addresses list did not include 127.0.0.0/8, enabling potential SSRF against internal resources. The issue stems from the configuration in inc/config.php where disallowed_remote_addresses contains 127.0.0.1 but omit...
CVE-2024-23336 Incomplete disallowed remote addresses list in MyBB
MyBB is a free and open source forum software. The default list of disallowed remote hosts does not contain the 127.0.0.0/8 block, which may result in a Server-Side Request Forgery SSRF vulnerability. The Configuration File's Disallowed Remote Addresses list $config'disallowedremoteaddresses'...
Codoforum 安全漏洞
Codoforum is a PHP and MySQL based forum software. A security vulnerability exists in Codoforum version v4.9, which stems from the presence of a stored cross-site scripting XSS vulnerability that allows an attacker to execute arbitrary code and obtain sensitive information via a crafted payload...