VYPR

Online Discussion Forum

by Itsourcecode

CVEs (11)

  • CVE-2024-37869HigOct 4, 2024
    risk 0.57cvss 8.8epss 0.01

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "poster.php" file, and the uploaded file was received using the "$- FILES" variable

  • CVE-2024-37868HigOct 4, 2024
    risk 0.57cvss 8.8epss 0.01

    File Upload vulnerability in Itsourcecode Online Discussion Forum Project v.1.0 allows a remote attacker to execute arbitrary code via the "sendreply.php" file, and the uploaded file was received using the "$- FILES" variable.

  • CVE-2025-10800HigSep 22, 2025
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode Online Discussion Forum 1.0. The impacted element is an unknown function of the file /index.php. Executing manipulation of the argument email/password can lead to sql injection. The attack can be executed remotely. The exploit has…

  • CVE-2025-10668HigSep 18, 2025
    risk 0.47cvss 7.3epss 0.00

    A security vulnerability has been detected in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file /members/compose_msg_admin.php. Such manipulation of the argument ID leads to sql injection. The attack may be performed from remote. The exploit has…

  • CVE-2025-10667HigSep 18, 2025
    risk 0.47cvss 7.3epss 0.00

    A weakness has been identified in itsourcecode Online Discussion Forum 1.0. Affected by this issue is some unknown functionality of the file /members/compose_msg.php. This manipulation of the argument ID causes sql injection. The attack is possible to be carried out remotely.…

  • CVE-2025-10068HigSep 7, 2025
    risk 0.47cvss 7.3epss 0.00

    A flaw has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin/admin_forum/add_views.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploit has…

  • CVE-2025-10033HigSep 6, 2025
    risk 0.47cvss 7.3epss 0.00

    A vulnerability has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown function of the file /admin. Such manipulation of the argument Username leads to sql injection. The attack may be performed from remote. The exploit has been disclosed to the…

  • CVE-2024-5733HigJun 7, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely.…

  • CVE-2024-5734MedJun 7, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely.…

  • CVE-2024-5518MedMay 30, 2024
    risk 0.41cvss 6.3epss 0.01

    A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack…

  • CVE-2024-52676MedDec 4, 2024
    risk 0.35cvss 5.4epss 0.00

    Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.