Phpforum
by Phpforum
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-0319 | 0.04 | — | 0.07 | Jun 25, 2002 | Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username. | |||
| CVE-2008-6437 | 0.03 | — | 0.02 | Mar 6, 2009 | Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php. | |||
| CVE-2005-4088 | 0.00 | — | 0.01 | Dec 8, 2005 | SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters. | |||
| CVE-2003-0559 | 0.00 | — | 0.01 | Aug 18, 2003 | mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code. |
- CVE-2002-0319Jun 25, 2002risk 0.04cvss —epss 0.07
Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.
- CVE-2008-6437Mar 6, 2009risk 0.03cvss —epss 0.02
Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.
- CVE-2005-4088Dec 8, 2005risk 0.00cvss —epss 0.01
SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters.
- CVE-2003-0559Aug 18, 2003risk 0.00cvss —epss 0.01
mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.