Zoneo-Soft: >> Freeforum >> 1.1 Security Vulnerabilities
Direct static code injection vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to execute arbitrary PHP code via the (1) X-Forwarded-For and (2) Client-Ip HTTP headers, which are stored in Data/flood.db.php.
CVSS Score
7.5
EPSS Score
0.012
Published
2006-03-02
Cross-site scripting (XSS) vulnerability in func.inc.php in ZoneO-Soft freeForum before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via the (1) name and (2) subject parameters.
CVSS Score
4.3
EPSS Score
0.006
Published
2006-03-02