CVE-2019-18839

Published: 13/11/2019 Updated: 15/11/2019
CVSS v2 Base Score: 8.5 | Impact Score: 10 | Exploitability Score: 6.8
CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.3
VMScore: 756
Vector: AV:N/AC:M/Au:S/C:C/I:C/A:C

Vulnerability Summary

FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.

Vulnerable Product

fudforum fudforum 3.0.9

Exploits

FUDForum version 3.0.9 suffers from remote code execution and stored cross site scripting vulnerabilities ...

Github Repositories

FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

FUDforum-XSS-RCE

FUDForum 3.0.9 - XSS / Remote Code Execution (CVE-2019-18873, CVE-2019-18839)

Multiple Stored XSS vulnerabilities have been found in FUDforum 3.0.9 that can result in remote code execution.

Stored XSS via username in forum: Info | Demo
Stored XSS via useragent in admin panel: Info | Demo