VYPR

Freeforum

by Codeavalanche

CVEs (3)

  • CVE-2008-5932Jan 21, 2009
    risk 0.03cvss epss 0.06

    CodeAvalanche FreeForum stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file containing the password via a direct request for _private/CAForum.mdb. NOTE: some of these details are obtained…

  • CVE-2006-2927Jun 9, 2006
    risk 0.00cvss epss 0.01

    Multiple cross-site scripting (XSS) vulnerabilities in post.asp in CodeAvalanche FreeForum (aka CAForum) 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) msg_subject and (2) msg_body parameters. NOTE: The provenance of this information is unknown;…

  • CVE-2006-2822Jun 5, 2006
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in admin/default.asp in Dusan Drobac CodeAvalanche FreeForum (aka CAForum) 1.0 allows remote attackers to execute arbitrary SQL commands via the password parameter.