Shodan
Vulnerabilities
Vulnerable Software
Fudforum:  >> Fudforum  Security Vulnerabilities
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
CVSS Score
3.5
EPSS Score
0.004
Published
2024-04-17
CVE-2024-30951
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
CVSS Score
6.1
EPSS Score
0.004
Published
2024-04-17
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.
CVSS Score
7.2
EPSS Score
0.23
Published
2022-06-06
CVE-2022-30861
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
CVSS Score
4.8
EPSS Score
0.005
Published
2022-06-06
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
CVSS Score
4.8
EPSS Score
0.005
Published
2022-06-06
CVE-2022-28545
FUDforum 3.1.1 is vulnerable to Stored XSS.
CVSS Score
5.4
EPSS Score
0.004
Published
2022-05-06
CVE-2021-27519
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
CVSS Score
6.1
EPSS Score
0.076
Published
2021-03-19
CVE-2021-27520
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
CVSS Score
6.1
EPSS Score
0.064
Published
2021-03-19
CVE-2013-2267
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
CVSS Score
7.2
EPSS Score
0.088
Published
2020-01-27
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
CVSS Score
9.0
EPSS Score
0.054
Published
2019-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved