Vulnerabilities > Codologic

DATE CVE VULNERABILITY TITLE RISK
2022-07-07 CVE-2022-31854 Unrestricted Upload of File with Dangerous Type vulnerability in Codologic Codoforum 5.1
Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
network
low complexity
codologic CWE-434
7.2
2021-07-09 CVE-2020-25875 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Smiley Code' parameter.
network
low complexity
codologic CWE-79
5.4
2021-07-09 CVE-2020-25876 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via crafted payload entered into the 'Page Title' parameter.
network
low complexity
codologic CWE-79
5.4
2021-07-09 CVE-2020-25879 Cross-site Scripting vulnerability in Codologic Codoforum 5.0.2
A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to execute arbitrary web scripts or HTML via a crafted payload entered into the 'Username' parameter.
network
low complexity
codologic CWE-79
5.4
2021-05-12 CVE-2020-13873 SQL Injection vulnerability in Codologic Codoforum
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.
network
low complexity
codologic CWE-89
critical
9.8
2020-02-16 CVE-2020-9007 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
network
low complexity
codologic CWE-79
5.4
2020-02-15 CVE-2020-7050 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows a DOM-based XSS.
network
low complexity
codologic CWE-732
5.4
2020-02-13 CVE-2020-7051 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows stored XSS in the login area.
network
low complexity
codologic CWE-732
6.1
2020-01-07 CVE-2020-5842 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI.
network
low complexity
codologic CWE-79
6.1
2020-01-07 CVE-2020-5843 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.3
Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen.
network
low complexity
codologic CWE-79
4.8