Codologic: >> Codoforum >> 4.8.8 Security Vulnerabilities
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)
CVSS Score
9.8
EPSS Score
0.128
Published
2021-05-12
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
CVSS Score
5.4
EPSS Score
0.003
Published
2020-02-16