Adnforum
by Adn Forum
CVEs (3)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-6001 | 0.03 | — | 0.02 | Jan 28, 2009 | index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string. | |||
| CVE-2006-0123 | 0.03 | — | 0.03 | Jan 9, 2006 | Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors. | |||
| CVE-2006-0124 | 0.00 | — | 0.01 | Jan 9, 2006 | Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field. |
- CVE-2008-6001Jan 28, 2009risk 0.03cvss —epss 0.02
index.php in ADN Forum 1.0b and earlier allows remote attackers to bypass authentication and gain sysop access via a fpusuario cookie composed of an initial sysop: string, an arbitrary password field, and a final :sysop:0 string.
- CVE-2006-0123Jan 9, 2006risk 0.03cvss —epss 0.03
Multiple SQL injection vulnerabilities in ADN Forum 1.0b allow remote attackers to execute arbitrary SQL commands via the (1) fid parameter in index.php and (2) pagid parameter in verpag.php, and possibly other vectors.
- CVE-2006-0124Jan 9, 2006risk 0.00cvss —epss 0.01
Cross-site scripting (XSS) vulnerability in crear.php in ADN Forum 1.0b allows remote attackers to inject arbitrary web script or HTML via the titulo parameter, which is used by the "Topic name" field.