CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

The Asgaros Forum WordPress plugin before 1.15.15 does not validate or escape the forumid parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue...

7.2CVSS7.5AI score0.01151EPSS

Exploits2References1

WPVulnDB•added 2021/12/21 12:0 a.m.•18 views

Asgaros Forum < 1.15.15 - Admin+ SQL Injection via forum_id

The plugin does not validate or escape the forumid parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue PoC POST /wp-admin/admin.php?page=asgarosforum-structure HTTP/1.1 Accept:...

7.2CVSS1.8AI score0.01151EPSS

Exploits2References1Affected Software1

NVD•added 2006/06/12 10:2 p.m.•6 views

CVE-2006-2979

Multiple cross-site scripting XSS vulnerabilities in ViArt Shop Free 2.5.5, and possibly other distributions including Light, Standard, and Enterprise, allow remote attackers to inject arbitrary web script or HTML via the 1 forumid parameter in forum.php, which is not properly handled in...

2.6CVSS5.9AI score0.00608EPSS

Exploits0References8

CVE•added 2005/07/10 4:0 a.m.•47 views

CVE-2004-2212

The CVE-2004-2212 entry concerns a SQL injection in AliveSites Forums 2.0. Affected software/component: AliveSites Forums 2.0 (forum.asp). The vulnerability is exposed via the forum_id parameter, allowing remote attackers to execute arbitrary SQL commands. The provided documents confirm the root ...

7.5CVSS8.8AI score0.00963EPSS

Exploits1References6Affected Software1

NVD•added 2004/12/31 5:0 a.m.•7 views

CVE-2004-1518

SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forumid parameter...

4.6CVSS7.9AI score0.00583EPSS

Exploits1References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by