Ilia Alshanetsky: >> Fudforum >> 2.0.2 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
2.6
EPSS Score
0.003
Published
2013-08-16
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
CVSS Score
7.5
EPSS Score
0.007
Published
2003-04-11
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
CVSS Score
5.0
EPSS Score
0.063
Published
2003-04-11
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVSS Score
5.0
EPSS Score
0.076
Published
2003-04-11