Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
php forum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2006-4467
Simple Machines Forum (SMF) 1.1RCx prior to 1.1RC3, and 1.0.x prior to 1.0.8, does not properly unset variables when the input data includes a numeric parameter with a value matching an alphanumeric parameter's hash value, which allows remote malicious users to perform direc...
Simple Machines Simple Machines Forum
NA
CVE-2008-3072
Simple Machines Forum (SMF) 1.1.x prior to 1.1.5 and 1.0.x prior to 1.0.13, when running in PHP prior to 4.2.0, does not properly seed the random number generator, which has unknown impact and attack vectors.
Simple Machines Simple Machines Forum
NA
CVE-2004-2588
Intentional information leak in phpinfo.php in XMB (aka extreme message board) 1.9 beta (aka Nexus beta) allows remote malicious users to obtain sensitive information such as the configuration of the web server and the PHP application.
Xmb Software Xmb Forum 1.9 Nexus Beta
NA
CVE-2011-3700
Advanced Electron Forum (AEF) 1.0.8 allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by languages/english/deletetopic_lang.php.
Anelectron Advanced Electron Forum 1.0.8
NA
CVE-2008-6768
Unrestricted file upload vulnerability in admin/editor/images.php in K&S Shopsoftware allows remote malicious users to execute arbitrary PHP code by uploading a file with an executable extension, then accessing it via a direct request to the file in images/upload/.
Shopsystem-forum K\\&s Shopsoftware
1 EDB exploit
NA
CVE-2008-6544
Multiple PHP remote file inclusion vulnerabilities in Simple Machines Forum (SMF) 1.1.4 allow remote malicious users to execute arbitrary PHP code via a URL in the (1) settings[default_theme_dir] parameter to Sources/Subs-Graphics.php and (2) settings[default_theme_dir] parameter...
Simple Machines Simple Machines Forum 1.1.4
1 EDB exploit
NA
CVE-2007-2103
Multiple PHP remote file inclusion vulnerabilities in my little forum 1.7 allow remote malicious users to execute arbitrary PHP code via a URL in the lang parameter to (1) admin.php and (2) timedifference.php.
My Little Homepage My Little Forum 1.7
NA
CVE-2007-3309
Unspecified vulnerability in Simple Machines Forum (SMF) 1.1.2 allows remote malicious users to execute arbitrary PHP code during (1) creation or (2) editing of a message.
Simple Machines Simple Machines Forum 1.1.2
NA
CVE-2003-1547
Cross-site scripting (XSS) vulnerability in block-Forums.php in the Splatt Forum module for PHP-Nuke 6.x allows remote malicious users to inject arbitrary web script or HTML via the subject parameter.
Francisco Burzi Php-nuke 6.5 Beta1
Francisco Burzi Php-nuke 6.5 Rc1
Francisco Burzi Php-nuke 6.5 Rc2
Francisco Burzi Php-nuke 6.5 Rc3
Francisco Burzi Php-nuke 6.5
NA
CVE-2005-2817
Simple Machines Forum (SMF) 1-0-5 and previous versions supports the use of URLs for avatar images, which allows remote malicious users to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
Simple Machines Simple Machines Forum 1.0.5
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322
cross-site request forgery
unauthorized
CVE-2024-33925
reflected XSS
CVE-2023-51580
CVE-2023-51579
CVE-2015-2051
CVE-2023-51609
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
7
8
9
10
NEXT »