Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
a-forum vulnerabilities and exploits
(subscribe to this query)
7.2
CVSSv3
CVE-2021-25045
The Asgaros Forum WordPress plugin prior to 1.15.15 does not validate or escape the forum_id parameter before using it in a SQL statement when editing a forum, leading to an SQL injection issue
Asgaros Asgaros Forum
NA
CVE-2006-6934
Multiple cross-site scripting (XSS) vulnerabilities in Portix-PHP 0.4.2 allow remote malicious users to inject arbitrary web script or HTML via the (1) titre or (2) auteur field in a forum post.
Portix-php Portix-php 0.4.2
4.3
CVSSv3
CVE-2021-32472
Teachers exporting a forum in CSV format could receive a CSV of forums from all courses in some circumstances. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6 and 3.8 to 3.8.8 are affected.
Moodle Moodle
NA
CVE-2014-7834
mod/forum/externallib.php in Moodle 2.6.x prior to 2.6.6 and 2.7.x prior to 2.7.3 does not verify group permissions, which allows remote authenticated users to access a forum via the forum_get_discussions web service.
Moodle Moodle 2.5.0
Moodle Moodle 2.6.0
Moodle Moodle 2.6.1
Moodle Moodle 2.6.2
Moodle Moodle 2.5.8
Moodle Moodle 2.5.7
Moodle Moodle 2.5.6
Moodle Moodle 2.5.5
Moodle Moodle 2.7.2
Moodle Moodle
Moodle Moodle 2.5.4
Moodle Moodle 2.5.2
Moodle Moodle 2.6.4
Moodle Moodle 2.7.0
Moodle Moodle 2.5.3
Moodle Moodle 2.5.1
Moodle Moodle 2.6.3
Moodle Moodle 2.6.5
Moodle Moodle 2.7.1
NA
CVE-2008-2651
SQL injection vulnerability in the Joomla! Bulletin Board (aka Joo!BB or com_joobb) component 0.5.9 for Joomla! allows remote malicious users to execute arbitrary SQL commands via the forum parameter in a forum action to index.php.
Joomla Com Joobb 0.5.9
1 EDB exploit
NA
CVE-2005-0628
Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 allow remote malicious users to inject arbitrary web script or HTML via (1) the keyword parameter in search.php or the (2) body or (3) subject of a forum message.
Demof Forumwa V1
NA
CVE-2006-2188
Multiple cross-site scripting (XSS) vulnerabilities in CMScout 1.10 and previous versions allow remote malicious users to inject arbitrary web script or HTML via (1) the Body field of a private message (PM), (2) BBCode, or (3) a forum post.
Cmscout Cmscout
NA
CVE-2009-2355
The forum module in NullLogic Groupware 1.2.7 allows remote authenticated users to cause a denial of service (application crash) by specifying (1) an empty string or (2) a non-numeric string when selecting a forum, related to the fmessagelist function.
Dan Cahill Nulllogic Groupware 1.2.7
NA
CVE-2006-2333
Multiple SQL injection vulnerabilities in MyBB (aka MyBulletinBoard) 1.1.1 allow remote malicious users to execute arbitrary SQL commands via the e-mail address when registering for a forum that requires e-mail verification, which is not properly handled in (1) usercp.php and (2)...
Mybulletinboard Mybulletinboard 1.1.1
NA
CVE-2012-3392
mod/forum/unsubscribeall.php in Moodle 2.1.x prior to 2.1.7 and 2.2.x prior to 2.2.4 does not consider whether a forum is optional, which allows remote authenticated users to bypass forum-subscription requirements by leveraging the student role and unsubscribing from all forums.
Moodle Moodle 2.1.3
Moodle Moodle 2.1.0
Moodle Moodle 2.2.3
Moodle Moodle 2.2.2
Moodle Moodle 2.1.5
Moodle Moodle 2.1.4
Moodle Moodle 2.2.1
Moodle Moodle 2.2.0
Moodle Moodle 2.1.2
Moodle Moodle 2.1.6
Moodle Moodle 2.1.1
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693
CVE-2024-30851
CVE-2024-34460
CVE-2024-2887
local
CVE-2024-27956
remote code execution
CVE-2024-34475
privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »