Codologic: >> Codoforum >> 4.8.3 Security Vulnerabilities
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)
CVSS Score
9.8
EPSS Score
0.128
Published
2021-05-12
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.
CVSS Score
5.4
EPSS Score
0.002
Published
2020-02-15
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.
CVSS Score
6.1
EPSS Score
0.003
Published
2020-02-13
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for example, executed on the admin/index.php?page=users/manage page.
CVSS Score
6.1
EPSS Score
0.018
Published
2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-01-07
Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen.
CVSS Score
4.8
EPSS Score
0.004
Published
2020-01-05
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
CVSS Score
4.8
EPSS Score
0.005
Published
2020-01-05