9 matches found
EUVD-2022-48409
Malicious code in bioql PyPI...
CVE-2020-36828
CVE-2020-36828 (DiscuzX) affects DiscuzX up to version 3.4-20200818. The vulnerability is in the function show_next_step of the file upload/install/include/install_function.php, where manipulation of the uchidden argument enables cross-site scripting. The issue can be exploited remotely. A fixed ...
Cross site scripting
Cross site scripting XSS vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search...
CVE-2022-45543
The provided connected documents confirm CVE-2022-45543 is an XSS vulnerability in DiscuzX 3.4 that lets an attacker execute arbitrary code via the audit search parameters datetline, title, tpp, or username. The entry indicates a potential arbitrary code execution impact, with no published exploi...
Discuz! DiscuzX file deletion vulnerability
Discuz! DiscuzX is an online forum system. A file deletion vulnerability exists in Discuz! DiscuzX version 3.4, which can be exploited by a remote attacker to delete the commonmemberwechatmp data structure by sending an ac=unbindmp request to the plugin.php page when wechat login is enabled...
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...
Design/Logic Flaw
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...
CVE-2018-20423
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string...
CVE-2018-20422
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty wechatcommonmemberwechatmp to gain login access to an account via a plugin.php ac=wxregister request the attacker does not have control over which account will be accessed...