Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
Max CVSS
2.6
EPSS Score
0.19%
Published
2013-08-16
Updated
2019-11-25
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
Max CVSS
7.5
EPSS Score
2.23%
Published
2005-09-02
Updated
2018-10-19
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
Max CVSS
5.0
EPSS Score
1.29%
Published
2005-08-17
Updated
2008-09-05
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
Max CVSS
5.0
EPSS Score
1.91%
Published
2003-04-11
Updated
2008-09-05
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
Max CVSS
5.0
EPSS Score
2.14%
Published
2003-04-11
Updated
2008-09-05
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
Max CVSS
7.5
EPSS Score
0.22%
Published
2003-04-11
Updated
2008-09-05
6 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!