VYPR

Phpforum

by Phpforum

CVEs (4)

  • CVE-2002-0319Jun 25, 2002
    risk 0.04cvss epss 0.07

    Cross-site scripting vulnerability in edituser.php for pforum 1.14 and earlier allows remote attackers to execute script and steal cookies from other users via Javascript in a username.

  • CVE-2008-6437Mar 6, 2009
    risk 0.03cvss epss 0.02

    Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeForum 1.0 RC2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) message parameter to error.php, and the (2) nickname and (3) randomid parameters to part/menu.php.

  • CVE-2005-4088Dec 8, 2005
    risk 0.00cvss epss 0.01

    SQL injection vulnerability in index.php in phpForumPro 2.2 allows remote attackers to execute arbitrary SQL commands via the (1) parent and (2) day parameters.

  • CVE-2003-0559Aug 18, 2003
    risk 0.00cvss epss 0.01

    mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows remote attackers to execute arbitrary PHP code by modifying the MAIN_PATH parameter to reference a URL on a remote web server that contains the code.