5 matches found
CVE-2025-34060 Monero Forum Remote Code Execution via Arbitrary File Read and Cookie Forgery
A PHP object injection vulnerability exists in the Monero Project’s Laravel-based forum software due to unsafe handling of untrusted input in the /get/image/ endpoint. The application passes a user-supplied link parameter directly to file_get_contents without validation. MIME type checks using...
CVE-2025-6848
A vulnerability, which was classified as critical, has been found in code-projects Simple Forum 1.0. This issue affects some unknown processing of the file /forum1.php. The manipulation of the argument File leads to unrestricted upload. The attack may be initiated remotely. The exploit has been...
CVE-2025-6848
The CVE-2025-6848 entry concerns code-projects Simple Forum 1.0. Multiple connected sources specify a vulnerability in the processing of the File argument in /forum1.php that allows unrestricted file uploads. The root cause is an inadequate validation/handling of uploaded files, enabling a remote...
PT-2025-27351 · Code Projects · Code-Projects Simple Forum
Name of the Vulnerable Software and Affected Versions: code-projects Simple Forum version 1.0 Description: A critical issue has been found in the processing of the file /forum1.php, allowing unrestricted upload through the manipulation of the File argument. This can be initiated remotely. The...
PT-2006-3886 · Viart · Viart Shop
Name of the Vulnerable Software and Affected Versions: ViArt Shop Free version 2.5.5 Description: The issue allows remote attackers to inject arbitrary web script or HTML. This can be achieved via the forum_id parameter in "forum.php", which is not properly handled in "block_forum_topics.php", an...