Unrated severity · NVD Advisory · Published Nov 12, 2019 · Updated Aug 5, 2024
CVE-2019-18873
Description
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
Affected products (2)
- FUDForum/FUDForum (description)
References (1)
- sourceforge.net/p/fudforum/code/6321/ (mitre, x_refsource_MISC)