Lucene search
K
AnelectronAdvanced Electron Forum

6 matches found

CVE
CVE
added 2008/11/14 7:0 p.m.55 views

CVE-2008-5090

The CVE-2008-5090 entry affects Electron Inc. Advanced Electron Forum versions prior to 1.0.7. The vulnerability arises when PHP code embedded in bbcode within the email parameter is processed by preg_replace with the eval switch, allowing remote attackers to execute arbitrary PHP code. This desc...

10CVSS7.6AI score0.04635EPSS
CVE
CVE
added 2008/04/27 8:0 p.m.47 views

CVE-2008-1983

CVE-2008-1983 : In Advanced Electron Forum (AEF) 1.0.6, a Cross-site Scripting (XSS) vulnerability exists that allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. The provided sources state the issue but do not include exploitatio...

4.3CVSS5.7AI score0.01452EPSS
CVE
CVE
added 2018/06/29 2:0 p.m.47 views

CVE-2018-13000

AEF (Advanced Electron Forum) v1.0.9 contains a persistent Cross‑Site Scripting (XSS) vulnerability in the Private Message module, originating from unsanitized content in the FTP Link editor. A remote attacker with restricted privileges can inject a script payload via the editor’s FTP Link elemen...

4.8CVSS5.3AI score0.00935EPSS
Web
CVE
CVE
added 2009/07/20 7:25 p.m.46 views

CVE-2009-2546

Directory traversal in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine whether arbitrary files exist via the avatargalfile parameter when changing an avatar, causing information disclosure through error messages. No patch or remediation is stated in the provided documents.

4.3CVSS6.7AI score0.01312EPSS
CVE
CVE
added 2011/09/23 11:0 p.m.42 views

CVE-2011-3700

Vulnerability: CVE-2011-3700 in Advanced Electron Forum (AEF) 1.0.8. Issue: Remote attackers can disclose sensitive information by making a direct request to a PHP file (languages/english/deletetopic_lang.php), causing an error message that reveals the installation path. Impact: Information discl...

5CVSS6.3AI score0.01335EPSS
CVE
CVE
added 2009/07/20 7:25 p.m.41 views

CVE-2009-2545

CVE-2009-2545 describes an SQL injection in Advanced Electron Forum (AEF) 1.x when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to inject arbitrary SQL through the filename field of an uploaded attachment. The available documents confirm the affected software and the un...

6.8CVSS8.3AI score0.00988EPSS