CVE-2025-10790

A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...

CVE-2025-10790 SourceCodester Simple Forum Discussion System ajax.php sql injection

A security flaw has been discovered in SourceCodester Simple Forum Discussion System 1.0. This affects an unknown function of the file /ajax.php?action=savecategory. The manipulation of the argument Description results in sql injection. The attack can be executed remotely. The exploit has been...

CVE-2025-10100 SourceCodester Simple Forum Discussion System admin_class.php sql injection

A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /adminclass.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is n...

CVE-2024-9032

A vulnerability, which was classified as critical, was found in SourceCodester Simple Forum-Discussion System 1.0. Affected is an unknown function of the file /index.php. The manipulation of the argument page leads to path traversal. It is possible to launch the attack remotely. The exploit has...

DS-Java 安全漏洞

DS-Java is a forum system built on SSH Struts2+Spring+Hibernate by sixteen individual developers. A security vulnerability exists in DS-Java version 1.0, which stems from vulnerability to cross-site request forgery attacks...

Simple Forum-Discussion System 路径遍历漏洞

Simple Forum-Discussion System is a simple forum/discussion system. A path traversal vulnerability exists in version 1.0 of the Simple Forum-Discussion System due to a path traversal vulnerability in the page parameter of the /index.php file...

HadSky Code Issues Vulnerabilities

HadSky is an original open source php light forum system from China's HadSky company. A security vulnerability exists in HadSky version v7.12.10, which stems from an arbitrary file upload vulnerability that allows an attacker to execute arbitrary code via a crafted file...

Uscat 跨站脚本漏洞

Uscat is a forum system based on Javaex + Ssm development. A cross-site scripting vulnerability exists in uscat, which stems from an input box via statistical code that is susceptible to cross-site scripting XSS attacks...

CVE-2021-45252

Multiple SQL injection vulnerabilities are found on Simple Forum-Discussion System 1.0 For example on three applications which are managetopic.php, manageuser.php, and ajax.php. The attacker can be retrieving all information from the database of this system by using this vulnerability...

Simple Forum-Discussion System SQL注入漏洞

Simple Forum-Discussion System is a simple forum/discussion system. SQL injection vulnerability exists in Simple Forum-Discussion System, which originates in various components such as manage topic.php, manage user.php and ajax.php. Lack of validation of externally entered SQL statements. An...

Command Execution Vulnerability in Patrol Cloud Light Forum System (CNVD-2022-01416)

Cruise cloud light forum system contains forums, Q&A module, using JAVA MYSQL architecture. A command execution vulnerability exists in the Patrol Cloud Light Forum system, which can be exploited by an attacker to gain server control privileges...

GNUBOARD5 跨站脚本漏洞

GNUBOARD5 is a PHP and MySQL based web forum system. A cross-site scripting vulnerability exists in gnuboard5 that stems from the susceptibility to incorrect input during web page generation...

Nodebb licensing issue vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. an authorization issue vulnerability exists in Nodebb, which stems from a faulty token authentication logic in the product, and could be exploited...

Nodebb path traversal vulnerability

NodeBB is a forum system built by the Design Create Play team using Node.js, a web application platform built on top of Google's V8 JavaScript engine. Nodebb is vulnerable to a path traversal vulnerability that could be exploited to access locations outside of restricted directories...

zibbs cross-site scripting vulnerability

zibbs is a php light forum system developed on bootstrap. zibbs version 1.0 has a cross-site scripting vulnerability in application/controllers/AdminController.php. An attacker can exploit this vulnerability to execute arbitrary code via the bbsmeta parameter...

File Upload Vulnerability in TaoLer

TaoLer is a simple and fast lightweight forum system for individuals or organizations to exchange information on a regional basis. A file upload vulnerability exists in TaoLer, which can be exploited by an attacker to gain control of the server...

GNUBOARD5 cross-site scripting vulnerability (CNVD-2021-45753)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 5.3.2.8 and earlier versions. The vulnerability can be exploited to conduct cross-site scripting attacks via the act parameter in bbs/moveupdate.php...

Arbitrary File Read Vulnerability in the javaee Forum System of Beijing Weike Tongshuo Technology Co.

Beijing Weike Tongshuo Technology Co., Ltd. is a professional enterprise that provides Internet full integrated marketing services for large enterprises and organizations. There is an arbitrary file reading vulnerability in the javaee forum system of Beijing Microcomputer Technology Co. Ltd, whic...

PunBB Cross-Site Scripting Vulnerability (CNVD-2021-22158)

PunBB is a lightweight PHP-based forum system distributed under the GNU General Public License. A cross-site scripting vulnerability exists in the email BBcode tag in versions of PunBB prior to 1.4.6. An attacker can exploit this vulnerability to inject arbitrary JavaScript into any forum message...

GNUBOARD5 Cross-Site Scripting Vulnerability (CNVD-2019-24212)

GNUBOARD5 is a Web forum system based on PHP and MySQL. A cross-site scripting vulnerability exists in GNUBOARD5 version 5.3.1.9. The vulnerability stems from a lack of proper validation of client-side data by the WEB application. An attacker can exploit this vulnerability to execute client-side...