
200 matches found

RedhatCVE
added 2025/02/05 11:52 p.m. · 5 views

CVE-2022-41938

Flarum is an open source discussion platform. Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title inpu...

CVSS 9 · AI score 5.7 · EPSS 0.01102
Exploits: 0 · References: 1

Exploit DB
added 2024/04/02 12:0 a.m. · 255 views

FoF Pretty Mail 1.1.2 - Local File Inclusion (LFI)

Exploit Title: FoF Pretty Mail 1.1.2 - Local File Inclusion LFI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extensi...

AI score 7.4
Exploits: 0

Exploit DB
added 2024/04/02 12:0 a.m. · 239 views

FoF Pretty Mail 1.1.2 - Server Side Template Injection (SSTI)

Exploit Title: FoF Pretty Mail 1.1.2 - Server Side Template Injection SSTI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

AI score 7.4
Exploits: 0

0day.today
added 2024/04/01 12:0 a.m. · 202 views

FoF Pretty Mail 1.1.2 Server-Side Template Injection Vulnerability

The server in Circontrol Raption versions through 5.11.2 has a pre-authentication stack-based buffer overflow that can be exploited to gain run-time control of the device as root. The pwrstudio web application of EV Charger in the server in Circontrol Raption through 5.6.2 is vulnerable to OS...

AI score 8.4
Exploits: 0

0day.today
added 2024/04/01 12:0 a.m. · 191 views

FoF Pretty Mail 1.1.2 Local File Inclusion Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail...

AI score 7.4
Exploits: 0

0day.today
added 2024/04/01 12:0 a.m. · 204 views

FoF Pretty Mail 1.1.2 Command Injection Vulnerability

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty Mail extension fo...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/03/29 12:0 a.m. · 251 views

FoF Pretty Mail 1.1.2 Local File Inclusion

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Local File Inclusion LFI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/03/29 12:0 a.m. · 276 views

FoF Pretty Mail 1.1.2 Command Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Command Injection Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Description: The FoF Pretty...

AI score 7.4
Exploits: 0

Packet Storm
added 2024/03/29 12:0 a.m. · 220 views

FoF Pretty Mail 1.1.2 Server-Side Template Injection

Exploit Title: FoF Pretty Mail 1.1.2 Extension for Flarum Server-Side Template Injection SSTI Date: 03/28/2024 Exploit Author: Chokri Hammedi Vendor Homepage: https://flarum.org/ Software Link: https://github.com/FriendsOfFlarum/pretty-mail Version: 1.1.2 Tested on: Windows XP CVE: N/A Descriptio...

AI score 7.4
Exploits: 0

Veracode
added 2024/01/08 5:58 a.m. · 12 views

Open Redirect

Flarum is vulnerable to Open Redirect. The vulnerability is caused due to a lack of proper sanitization in the handling of the redirect parameters within the /logout route. This allows an attacker to craft a URL with a malicious redirect parameter...

CVSS 6.5 · AI score 6.9 · EPSS 0.39082
Exploits: 0 · References: 3 · Affected Software: 2

NVD
added 2024/01/05 9:15 p.m. · 14 views

CVE-2024-21641

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

CVSS 6.5 · AI score 7.4 · EPSS 0.39082
Exploits: 0 · References: 3

Prion
added 2024/01/05 9:15 p.m. · 10 views

Design/Logic Flaw

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

CVSS 4.3 · AI score 6.9 · EPSS 0.39082
Exploits: 0 · References: 3 · Affected Software: 1

CVE
added 2024/01/05 9:2 p.m. · 62 views

CVE-2024-21641

Summary: CVE-2024-21641 affects Flarum versions before 1.8.5, where the /logout redirect parameter can be abused to redirect users to arbitrary links within a trusted domain, enabling open redirects. Impact: Unauthenticated users could be redirected by a trusted Flarum instance; for logged-in use...

CVSS 6.5 · AI score 4.6 · EPSS 0.39082
Exploits: 0 · References: 3 · Affected Software: 1

Cvelist
added 2024/01/05 9:2 p.m. · 24 views

CVE-2024-21641 Flarum's Logout Route allows open redirects

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

CVSS 6.5 · AI score 7.6 · EPSS 0.39082
Exploits: 0 · References: 3

Vulnrichment
added 2024/01/05 9:2 p.m. · 6 views

CVE-2024-21641 Flarum's Logout Route allows open redirects

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

CVSS 6.5 · AI score 6.4 · EPSS 0.39082
Exploits: 0 · References: 3

OSV
added 2024/01/05 9:2 p.m. · 14 views

CVE-2024-21641 Flarum's Logout Route allows open redirects

Flarum is open source discussion platform software. Prior to version 1.8.5, the Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. For logged-in users, the logout must be...

CVSS 6.5 · AI score 5.3 · EPSS 0.39082
Exploits: 0 · References: 5

Github Security Blog
added 2024/01/05 8:53 p.m. · 21 views

Flarum's logout Route allows open redirects

Impact The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. Sample: example.com/logout?return=https://google.com. For logged-in users, the logout must be confirmed. Guests are...

CVSS 6.5 · AI score 6.8 · EPSS 0.39082
Exploits: 0 · References: 5 · Affected Software: 2

OSV
added 2024/01/05 8:53 p.m. · 9 views

GHSA-733R-8XCP-W9MR Flarum's logout Route allows open redirects

Impact The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to redirect to any link. Sample: example.com/logout?return=https://google.com. For logged-in users, the logout must be confirmed. Guests are...

CVSS 6.5 · AI score 5.4 · EPSS 0.39082
Exploits: 0 · References: 4

CNNVD
added 2024/01/05 12:0 a.m. · 1 views

Flarum Input Validation Error Vulnerability

Flarum is an open source forum system for the Flarum community. An input validation error vulnerability exists in Flarum versions prior to 1.8.5, which stems from the logout route containing a redirection parameter that allows any third party to redirect users from a trusted domain to any link...

CVSS 6.5 · AI score 6.7 · EPSS 0.39082
Exploits: 0 · References: 4

Positive Technologies
added 2024/01/05 12:0 a.m. · 1 views

PT-2024-18991 · Flarum · Flarum

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.8.5 Description: The Flarum /logout route includes a redirect parameter that allows any third party to redirect users from a trusted domain of the Flarum installation to any link. For logged-in users, the logout mus...

CVSS 6.5 · AI score 6.7 · EPSS 0.39082
Exploits: 0 · References: 13