Discuz\!

CVEs (4)

CVE	Risk	CVSS	EPSS	Published	Description
CVE-2008-6957	0.04	—	0.07	Aug 12, 2009	member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
CVE-2008-3554	0.03	—	0.00	Aug 8, 2008	SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
CVE-2004-0254	0.03	—	0.06	Nov 23, 2004	Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
CVE-2005-2614	0.00	—	0.02	Aug 17, 2005	Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.

CVE-2008-6957Aug 12, 2009
risk 0.04cvss —epss 0.07
member.php in Crossday Discuz! Board allows remote attackers to reset passwords of arbitrary users via crafted (1) lostpasswd and (2) getpasswd actions, possibly involving predictable generation of the id parameter.
CVE-2008-3554Aug 8, 2008
risk 0.03cvss —epss 0.00
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
CVE-2004-0254Nov 23, 2004
risk 0.03cvss —epss 0.06
Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x allows remote attackers to execute arbitrary script as other users via an img tag.
CVE-2005-2614Aug 17, 2005
risk 0.00cvss —epss 0.02
Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that include .php.