Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Discuz Security Vulnerabilities

cve
cve

CVE-2006-5561

SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.

8.7AI Score

0.002EPSS

2006-10-27 04:07 PM
18
cve
cve

CVE-2008-6957

member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.

7.1AI Score

0.095EPSS

2009-08-12 10:30 AM
22
cve
cve

CVE-2010-4912

SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.

8.6AI Score

0.001EPSS

2011-10-08 10:55 AM
22
cve
cve

CVE-2018-10297

Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.

5.4CVSS

5.2AI Score

0.001EPSS

2022-10-03 04:22 PM
18
cve
cve

CVE-2018-10298

Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.

5.4CVSS

5.2AI Score

0.001EPSS

2022-10-03 04:22 PM
24
cve
cve

CVE-2018-5259

Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.

8.8CVSS

8.1AI Score

0.002EPSS

2018-01-08 09:29 AM
26
cve
cve

CVE-2018-5331

Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.

5.4CVSS

5.2AI Score

0.001EPSS

2018-01-10 09:29 AM
17
cve
cve

CVE-2018-5375

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.

6.1CVSS

5.9AI Score

0.001EPSS

2022-10-03 04:22 PM
21
cve
cve

CVE-2018-5376

Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.

6.1CVSS

6AI Score

0.001EPSS

2022-10-03 04:22 PM
20
cve
cve

CVE-2018-5377

Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.

9.8CVSS

9.3AI Score

0.003EPSS

2022-10-03 04:22 PM
38
cve
cve

CVE-2020-36828

A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is possible to launch the atta...

3.5CVSS

4AI Score

0.0004EPSS

2024-03-31 09:15 AM
30
cve
cve

CVE-2022-45543

Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.

6.1CVSS

6.2AI Score

0.001EPSS

2023-02-15 09:15 PM
17