CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2022-26173

JForum v2.8.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via http://target_host:port/jforum-2.8.0/jforum.page, which allows attackers to arbitrarily add admin accounts.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 47.9%

CVSS Severity

CVSS v3 Score 8.8

CVSS v2 Score 6.8

References

http://jforum.com
https://community.jforum.net/posts/list/248.page
https://github.com/WULINPIN/CVE/blob/main/JForum/poc.html
https://jforum.net/
https://sourceforge.net/p/jforum2/wiki2/NewFeatures281/
http://jforum.com
https://community.jforum.net/posts/list/248.page
https://github.com/WULINPIN/CVE/blob/main/JForum/poc.html
https://jforum.net/
https://sourceforge.net/p/jforum2/wiki2/NewFeatures281/

Products affected by CVE-2022-26173

Jforum » Jforum » Version: 2.8.0

cpe:2.3:a:jforum:jforum:2.8.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2022-26173

Products

Pricing

Contact Us