6 matches found
CVE-2008-5090
The CVE-2008-5090 entry affects Electron Inc. Advanced Electron Forum versions prior to 1.0.7. The vulnerability arises when PHP code embedded in bbcode within the email parameter is processed by preg_replace with the eval switch, allowing remote attackers to execute arbitrary PHP code. This desc...
CVE-2008-1983
CVE-2008-1983 : In Advanced Electron Forum (AEF) 1.0.6, a Cross-site Scripting (XSS) vulnerability exists that allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. The provided sources state the issue but do not include exploitatio...
CVE-2018-13000
AEF (Advanced Electron Forum) v1.0.9 contains a persistent Cross‑Site Scripting (XSS) vulnerability in the Private Message module, originating from unsanitized content in the FTP Link editor. A remote attacker with restricted privileges can inject a script payload via the editor’s FTP Link elemen...
CVE-2009-2546
Directory traversal in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine whether arbitrary files exist via the avatargalfile parameter when changing an avatar, causing information disclosure through error messages. No patch or remediation is stated in the provided documents.
CVE-2011-3700
Vulnerability: CVE-2011-3700 in Advanced Electron Forum (AEF) 1.0.8. Issue: Remote attackers can disclose sensitive information by making a direct request to a PHP file (languages/english/deletetopic_lang.php), causing an error message that reveals the installation path. Impact: Information discl...
CVE-2009-2545
CVE-2009-2545 describes an SQL injection in Advanced Electron Forum (AEF) 1.x when magic_quotes_gpc is disabled. The vulnerability allows remote attackers to inject arbitrary SQL through the filename field of an uploaded attachment. The available documents confirm the affected software and the un...