Discuz\!
by Discuz
CVEs (21)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-5377 | Cri | 0.64 | 9.8 | 0.02 | Jan 12, 2018 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | ||
| CVE-2018-14729 | Hig | 0.58 | 8.8 | 0.11 | May 22, 2019 | The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. | ||
| CVE-2018-5259 | Hig | 0.57 | 8.8 | 0.02 | Jan 8, 2018 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | ||
| CVE-2018-20423 | Hig | 0.53 | 8.1 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string. | ||
| CVE-2018-20422 | Hig | 0.53 | 8.1 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which… | ||
| CVE-2026-49954 | Hig | 0.47 | 7.2 | 0.01 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.… | ||
| CVE-2026-49953 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a… | ||
| CVE-2022-45543 | Med | 0.40 | 6.1 | 0.01 | Feb 15, 2023 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | ||
| CVE-2018-5376 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2018 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | ||
| CVE-2018-5375 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2018 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | ||
| CVE-2018-20424 | Med | 0.38 | 5.9 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php. | ||
| CVE-2018-10298 | Med | 0.35 | 5.4 | 0.01 | Apr 22, 2018 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | ||
| CVE-2018-10297 | Med | 0.35 | 5.4 | 0.01 | Apr 22, 2018 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | ||
| CVE-2018-5331 | Med | 0.35 | 5.4 | 0.01 | Jan 10, 2018 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | ||
| CVE-2020-36828 | Low | 0.16 | 3.5 | 0.00 | Mar 31, 2024 | A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is… | ||
| CVE-2008-6957 | 0.03 | — | 0.03 | Aug 12, 2009 | member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter. | |||
| CVE-2008-3554 | 0.03 | — | 0.01 | Aug 8, 2008 | SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action. | |||
| CVE-2006-5561 | 0.03 | — | 0.01 | Oct 27, 2006 | SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie. | |||
| CVE-2004-0254 | 0.03 | — | 0.02 | Nov 23, 2004 | Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag. | |||
| CVE-2024-30884 | 0.00 | — | 0.01 | Apr 11, 2024 | Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component. |
- risk 0.64cvss 9.8epss 0.02
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
- risk 0.58cvss 8.8epss 0.11
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
- risk 0.57cvss 8.8epss 0.02
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
- risk 0.53cvss 8.1epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
- risk 0.53cvss 8.1epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which…
- risk 0.47cvss 7.2epss 0.01
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.…
- risk 0.42cvss 6.5epss 0.00
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a…
- risk 0.40cvss 6.1epss 0.01
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
- risk 0.40cvss 6.1epss 0.01
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
- risk 0.40cvss 6.1epss 0.01
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
- risk 0.38cvss 5.9epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
- risk 0.16cvss 3.5epss 0.00
A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is…
- CVE-2008-6957Aug 12, 2009risk 0.03cvss —epss 0.03
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
- CVE-2008-3554Aug 8, 2008risk 0.03cvss —epss 0.01
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
- CVE-2006-5561Oct 27, 2006risk 0.03cvss —epss 0.01
SQL injection vulnerability in admincp.php in Discuz! GBK 5.0.0 allows remote attackers to execute arbitrary SQL commands via the cdb_auth cookie.
- CVE-2004-0254Nov 23, 2004risk 0.03cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
- CVE-2024-30884Apr 11, 2024risk 0.00cvss —epss 0.01
Reflected Cross-Site Scripting (XSS) vulnerability in Discuz! version X3.4 20220811, allows remote attackers to execute arbitrary code and obtain sensitive information via crafted payload to the primarybegin parameter in the misc.php component.
Page 1 of 2