Discuz
Products
14- 21 CVEs
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 1 CVE
- 0 CVEs
- 0 CVEs
Recent CVEs
29| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2019-13956 | Cri | 0.64 | 9.8 | 0.05 | Jul 18, 2019 | Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used). | ||
| CVE-2018-5377 | Cri | 0.64 | 9.8 | 0.02 | Jan 12, 2018 | Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter. | ||
| CVE-2018-14729 | Hig | 0.58 | 8.8 | 0.11 | May 22, 2019 | The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code. | ||
| CVE-2018-5259 | Hig | 0.57 | 8.8 | 0.02 | Jan 8, 2018 | Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter. | ||
| CVE-2018-20423 | Hig | 0.53 | 8.1 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string. | ||
| CVE-2018-20422 | Hig | 0.53 | 8.1 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which… | ||
| CVE-2026-49954 | Hig | 0.47 | 7.2 | 0.01 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.… | ||
| CVE-2026-49953 | Med | 0.42 | 6.5 | 0.00 | Jun 15, 2026 | Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a… | ||
| CVE-2022-45543 | Med | 0.40 | 6.1 | 0.01 | Feb 15, 2023 | Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search. | ||
| CVE-2018-5376 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2018 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter. | ||
| CVE-2018-5375 | Med | 0.40 | 6.1 | 0.01 | Jan 12, 2018 | Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action. | ||
| CVE-2018-20424 | Med | 0.38 | 5.9 | 0.01 | Dec 24, 2018 | Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php. | ||
| CVE-2018-10298 | Med | 0.35 | 5.4 | 0.01 | Apr 22, 2018 | Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content. | ||
| CVE-2018-10297 | Med | 0.35 | 5.4 | 0.01 | Apr 22, 2018 | Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images. | ||
| CVE-2018-5331 | Med | 0.35 | 5.4 | 0.01 | Jan 10, 2018 | Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php. | ||
| CVE-2018-19464 | Med | 0.31 | 4.8 | 0.01 | Nov 22, 2018 | Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code. | ||
| CVE-2020-36828 | Low | 0.16 | 3.5 | 0.00 | Mar 31, 2024 | A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is… | ||
| CVE-2010-4912 | 0.03 | — | 0.01 | Oct 8, 2011 | SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action. | |||
| CVE-2009-4621 | 0.03 | — | 0.01 | Jan 18, 2010 | SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php. | |||
| CVE-2009-3185 | 0.03 | — | 0.01 | Sep 15, 2009 | SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action. |
- risk 0.64cvss 9.8epss 0.05
Discuz!ML 3.2 through 3.4 allows remote attackers to execute arbitrary PHP code via a modified language cookie, as demonstrated by changing 4gH4_0df5_language=en to 4gH4_0df5_language=en'.phpinfo().'; (if the random prefix 4gH4_0df5_ were used).
- risk 0.64cvss 9.8epss 0.02
Discuz! DiscuzX X3.4 allows remote attackers to bypass intended access restrictions via the archiver\index.php action parameter.
- risk 0.58cvss 8.8epss 0.11
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
- risk 0.57cvss 8.8epss 0.02
Discuz! DiscuzX X3.4 allows remote authenticated users to bypass intended attachment-deletion restrictions via a modified aid parameter.
- risk 0.53cvss 8.1epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
- risk 0.53cvss 8.1epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which…
- risk 0.47cvss 7.2epss 0.01
Discuz! X5.0 releases 20260320 through 20260610 contain a local file inclusion vulnerability that allows authenticated administrators to execute arbitrary code by importing a specially crafted plugin configuration containing path traversal sequences in the directory attribute.…
- risk 0.42cvss 6.5epss 0.00
Discuz! X5.0 releases 20260320 through 20260610 contains a CAPTCHA bypass vulnerability that allows unauthenticated remote attackers to defeat challenge controls by exploiting limited complexity and predictable character sets in generated CAPTCHA images. Attackers can train a…
- risk 0.40cvss 6.1epss 0.01
Cross site scripting (XSS) vulnerability in DiscuzX 3.4 allows attackers to execute arbitrary code via the datetline, title, tpp, or username parameters via the audit search.
- risk 0.40cvss 6.1epss 0.01
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_upload.php op parameter.
- risk 0.40cvss 6.1epss 0.01
Discuz! DiscuzX X3.4 has XSS via the include\spacecp\spacecp_space.php appid parameter in a delete action.
- risk 0.38cvss 5.9epss 0.01
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX through X3.4 has reflected XSS via forum.php?mod=post&action=newthread because data/template/1_diy_portal_view.tpl.php does not restrict the content.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX through X3.4 has stored XSS via the portal.php?mod=portalcp&ac=article URI, related to mishandling of IMG elements associated with remote images.
- risk 0.35cvss 5.4epss 0.01
Discuz! DiscuzX X3.4 has XSS via the view parameter to include/space/space_poll.php, as demonstrated by a mod=space do=poll request to home.php.
- risk 0.31cvss 4.8epss 0.01
Discuz! X3.4 allows XSS via admin.php because admincp/admincp_setting.php and template\default\common\footer.htm mishandles statcode field from third-party stats code.
- risk 0.16cvss 3.5epss 0.00
A vulnerability was found in DiscuzX up to 3.4-20200818. It has been classified as problematic. Affected is the function show_next_step of the file upload/install/include/install_function.php. The manipulation of the argument uchidden leads to cross site scripting. It is…
- CVE-2010-4912Oct 8, 2011risk 0.03cvss —epss 0.01
SQL injection vulnerability in shop.php in UCenter Home 2.0 allows remote attackers to execute arbitrary SQL commands via the shopid parameter in a view action.
- CVE-2009-4621Jan 18, 2010risk 0.03cvss —epss 0.01
SQL injection vulnerability in the JiangHu Inn plugin 1.1 and earlier for Discuz! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action to forummission.php.
- CVE-2009-3185Sep 15, 2009risk 0.03cvss —epss 0.01
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.