Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php forum vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx prior to 1.1RC3, and 1.0.x prior to 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to perform direc...
Simple Machines Simple Machines Forum
7.5
CVSSv2
CVE-2008-3072
Simple Machines Forum (SMF) 1.1.x prior to 1.1.5 and 1.0.x prior to 1.0.13, when running in PHP prior to 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
Simple Machines Simple Machines Forum
5
CVSSv2
CVE-2011-3700
Advanced Electron Forum (AEF) 1.0.8 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php.
Anelectron Advanced Electron Forum 1.0.8
5
CVSSv2
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote malicious users to obtain sensitive information such as the configuration of the web server and the PHP application.
Xmb Software Xmb Forum 1.9 Nexus Beta
6.8
CVSSv2
CVE-2008-6768
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
Shopsystem-forum K\\&s Shopsoftware
1 EDB exploit
7.5
CVSSv2
CVE-2008-6544
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter...
Simple Machines Simple Machines Forum 1.1.4
1 EDB exploit
7.5
CVSSv2
CVE-2007-2103
Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote malicious users to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php.
My Little Homepage My Little Forum 1.7
7.5
CVSSv2
CVE-2007-3309
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote malicious users to execute arbitrary PHP code during (1) creation or (2) editing of a message.
Simple Machines Simple Machines Forum 1.1.2
4.3
CVSSv2
CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote malicious users to inject arbitrary web script or HTML via the subject parameter.
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 6.5
5
CVSSv2
CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and previous versions supports the use of URLs for avatar images, which allows remote malicious users to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Simple Machines Simple Machines Forum 1.0.5
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975
CVE-2024-2961
CVE-2024-20380
XML injection
HTML injection
CVE-2024-29204
CVE-2023-51795
memory leak
CVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »