Search
Total
10 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2022-31854 | 1 Codologic | 1 Codoforum | 2022-07-21 | 6.5 MEDIUM | 7.2 HIGH |
| Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. | |||||
| CVE-2020-13873 | 1 Codologic | 1 Codoforum | 2021-05-20 | 10.0 HIGH | 9.8 CRITICAL |
| A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.) | |||||
| CVE-2020-5306 | 1 Codologic | 1 Codoforum | 2020-09-18 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. | |||||
| CVE-2020-7050 | 1 Codologic | 1 Codoforum | 2020-02-20 | 3.5 LOW | 5.4 MEDIUM |
| Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts. | |||||
| CVE-2020-9007 | 1 Codologic | 1 Codoforum | 2020-02-18 | 3.5 LOW | 5.4 MEDIUM |
| Codoforum 4.8.8 allows self-XSS via the title of a new topic. | |||||
| CVE-2020-7051 | 1 Codologic | 1 Codoforum | 2020-02-18 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover. | |||||
| CVE-2014-9261 | 1 Codologic | 1 Codoforum | 2020-02-18 | 5.0 MEDIUM | N/A |
| The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. | |||||
| CVE-2020-5842 | 1 Codologic | 1 Codoforum | 2020-01-09 | 4.3 MEDIUM | 6.1 MEDIUM |
| Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page. | |||||
| CVE-2020-5305 | 1 Codologic | 1 Codoforum | 2020-01-08 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. | |||||
| CVE-2020-5843 | 1 Codologic | 1 Codoforum | 2020-01-08 | 3.5 LOW | 4.8 MEDIUM |
| Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. | |||||