Shodan
Vulnerabilities
Vulnerable Software
Fudforum:  Security Vulnerabilities
CVE-2024-30950
A stored cross-site scripting (XSS) vulnerability in FUDforum v3.1.3 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the SQL statements field under /adm/admsql.php.
CVSS Score
3.5
EPSS Score
0.001
Published
2024-04-17
CVE-2024-30951
FUDforum v3.1.3 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the chpos parameter at /adm/admsmiley.php.
CVSS Score
6.1
EPSS Score
0.002
Published
2024-04-17
CVE-2022-30860
FUDforum 3.1.2 is vulnerable to Remote Code Execution through Upload File feature of File Administration System in Admin Control Panel.
CVSS Score
7.2
EPSS Score
0.112
Published
2022-06-06
CVE-2022-30861
FUDforum 3.1.2 is vulnerable to Stored XSS via Forum Name field in Forum Manager Feature.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-06
CVE-2022-30863
FUDForum 3.1.2 is vulnerable to Cross Site Scripting (XSS) via page_title param in Page Manager in the Admin Control Panel.
CVSS Score
4.8
EPSS Score
0.002
Published
2022-06-06
CVE-2022-28545
FUDforum 3.1.1 is vulnerable to Stored XSS.
CVSS Score
5.4
EPSS Score
0.002
Published
2022-05-06
CVE-2021-27519
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "srch" parameter.
CVSS Score
6.1
EPSS Score
0.038
Published
2021-03-19
CVE-2021-27520
A cross-site scripting (XSS) issue in FUDForum 3.1.0 allows remote attackers to inject JavaScript via index.php in the "author" parameter.
CVSS Score
6.1
EPSS Score
0.011
Published
2021-03-19
CVE-2013-2267
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
CVSS Score
7.2
EPSS Score
0.128
Published
2020-01-27
CVE-2019-18839
FUDForum 3.0.9 is vulnerable to Stored XSS via the nlogin parameter. This may result in remote code execution. An attacker can use a user account to fully compromise the system using a POST request. When the admin visits the user information, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server.
CVSS Score
9.0
EPSS Score
0.019
Published
2019-11-13


Products
Pricing
Contact Us

Shodan ® - All rights reserved