Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
leszek krupinski l-forum 2.4.0 vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2002-1457
SQL injection vulnerability in search.php for L-Forum 2.40 allows remote malicious users to execute arbitrary SQL statements via the search parameter.
Leszek Krupinski L-forum 2.4.0
1 EDB exploit
NA
CVE-2002-1458
Cross-site scripting vulnerability in L-Forum 2.40 and previous versions, when the "Enable HTML in messages" option is on, allows remote malicious users to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, (3) Subject and (4) Body.
Leszek Krupinski L-forum 2.4.0
NA
CVE-2002-1459
Cross-site scripting vulnerability in L-Forum 2.40 and previous versions, when the "Enable HTML in messages" option is off, allows remote malicious users to insert arbitrary script or HTML via message fields including (1) From, (2) E-Mail, and (3) Subject.
Leszek Krupinski L-forum 2.4.0
NA
CVE-2002-1460
L-Forum 2.40 and previous versions does not properly verify whether a file was uploaded or if the associated variables were set by POST (attachment, attachment_name, attachment_size and attachment_type), which allows remote malicious users to read arbitrary files.
Leszek Krupinski L-forum 2.4.0
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
bypass
open redirect
CVE-2024-4358
CVE-2024-24199
CVE-2024-5550
CVE-2024-5305
CVE-2024-30373
CVE-2024-1800
deserialization
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started