Forums

CVEs (9)

CVE	Vendor / Product	Risk	CVSS	EPSS	Published	Description
CVE-2008-0480	Webwiz Forums	0.04	—	0.04	Jan 29, 2008	Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
CVE-2008-0466	Webwiz Rich Text Editor	0.04	—	0.05	Jan 29, 2008	Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the…
CVE-2003-1176	Bdc Enterprises Web Wiz Forums	0.04	—	0.07	Dec 31, 2003	post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
CVE-2008-3391	Minibb Forum	0.03	—	0.02	Jul 31, 2008	Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
CVE-2007-1548	Webwiz Forums	0.03	—	0.02	Mar 20, 2007	SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote)…
CVE-2006-0175	Webwiz Forums	0.03	—	0.03	Jan 11, 2006	Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2019-25442	Zingiri Forums	0.00	—	0.00	Feb 22, 2026	Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive…
CVE-2008-3392	Minibb Forum	0.00	—	0.01	Jul 31, 2008	Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
CVE-2004-2733	Webwiz Forums	0.00	—	0.01	Dec 31, 2004	Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.

CVE-2008-0480Jan 29, 2008
Webwiz
Forums
risk 0.04cvss —epss 0.04
Multiple directory traversal vulnerabilities in Web Wiz Forums 9.07 and earlier allow remote attackers to list arbitrary directories, and .txt and .zip files, via a .....\\\ in the sub parameter to (1) RTE_file_browser.asp or (2) file_browser.asp.
CVE-2008-0466Jan 29, 2008
Webwiz
Rich Text Editor
risk 0.04cvss —epss 0.05
Web Wiz RTE_file_browser.asp in, as used in Web Wiz Rich Text Editor 4.0, Web Wiz Forums 9.07, and Web Wiz Newspad 1.02, does not require authentication, which allows remote attackers to list directories and read files. NOTE: this can be leveraged for listings outside the…
CVE-2003-1176Dec 31, 2003
Bdc Enterprises
Web Wiz Forums
risk 0.04cvss —epss 0.07
post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote mode is used, allows remote attackers to read or write to private forums by modifying the FID (forum ID) parameter.
CVE-2008-3391Jul 31, 2008
Minibb
Forum
risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in Web Wiz Forum 9.5 allow remote attackers to inject arbitrary web script or HTML via the mode parameter to (1) admin_group_details.asp and (2) admin_category_details.asp.
CVE-2007-1548Mar 20, 2007
Webwiz
Forums
risk 0.03cvss —epss 0.02
SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote)…
CVE-2006-0175Jan 11, 2006
Webwiz
Forums
risk 0.03cvss —epss 0.03
Cross-site scripting (XSS) vulnerability in search_form.asp in Web Wiz Forums 6.34 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
CVE-2019-25442Feb 22, 2026
Zingiri
Forums
risk 0.00cvss —epss 0.00
Web Wiz Forums 12.01 contains an SQL injection vulnerability that allows unauthenticated attackers to manipulate database queries by injecting SQL code through the PF parameter. Attackers can send GET requests to member_profile.asp with malicious PF values to extract sensitive…
CVE-2008-3392Jul 31, 2008
Minibb
Forum
risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in Web Wiz Forum 9.5 allows remote attackers to log out a user via a link or IMG tag to log_off_user.asp.
CVE-2004-2733Dec 31, 2004
Webwiz
Forums
risk 0.00cvss —epss 0.01
Web Wiz Forums 7.7a uses invalid logic to determine user privileges, which allows remote attackers to (1) block arbitrary IP addresses via pop_up_ip_blocking.asp or (2) modify topics via pop_up_topic_admin.asp.