Ilia Alshanetsky: >> Fudforum >> 2.2.1 Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVSS Score
2.6
EPSS Score
0.003
Published
2013-08-16
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
CVSS Score
7.5
EPSS Score
0.013
Published
2005-09-02