fudforum vulnerabilities and exploits
9
CVSSv3
CVE-2019-18873
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the c...
Fudforum Fudforum 3.0.9
1 EDB exploit
1 Github repository
NA
CVE-2002-1422
admbrowse.php in FUDforum prior to 2.2.0 allows remote malicious users to create or delete files via URL-encoded pathnames in the cur and dest parameters.
Ilia Alshanetsky Fudforum 1.2.8
Ilia Alshanetsky Fudforum 1.9.8
Ilia Alshanetsky Fudforum 2.0.2
1 EDB exploit
NA
CVE-2002-1421
SQL injection vulnerabilities in FUDforum prior to 2.2.0 allow remote malicious users to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
Ilia Alshanetsky Fudforum 1.9.8
Ilia Alshanetsky Fudforum 2.0.2
Ilia Alshanetsky Fudforum 1.2.8
NA
CVE-2002-1423
tmp_view.php in FUDforum prior to 2.2.0 allows remote malicious users to read arbitrary files via an absolute pathname in the file parameter.
Ilia Alshanetsky Fudforum 1.9.8
Ilia Alshanetsky Fudforum 2.0.2
Ilia Alshanetsky Fudforum 1.2.8
1 EDB exploit
NA
CVE-2005-2600
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote malicious users to read private posts via a modified mid parameter.
Ilia Alshanetsky Fudforum 2.6.15
NA
CVE-2024-30951
FUDforum v3.1.3 contains a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
NA
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows malicious users to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.