Vulnerabilities > Anelectron > Advanced Electron Forum > 1.0.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-07-20 | CVE-2009-2546 | Path Traversal vulnerability in Anelectron Advanced Electron Forum Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. | 4.3 |
2009-07-20 | CVE-2009-2545 | SQL Injection vulnerability in Anelectron Advanced Electron Forum SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. | 6.8 |
2008-11-14 | CVE-2008-5090 | Code Injection vulnerability in Anelectron Advanced Electron Forum Electron Inc. | 10.0 |