Vulnerabilities > Codologic > Codoforum > 2.5.1

DATE CVE VULNERABILITY TITLE RISK
2021-05-12 CVE-2020-13873 SQL Injection vulnerability in Codologic Codoforum
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.
network
low complexity
codologic CWE-89
critical
 9.8
9.8
2020-02-15 CVE-2020-7050 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows a DOM-based XSS.
network
low complexity
codologic CWE-732
5.4
5.4
2020-02-13 CVE-2020-7051 Incorrect Permission Assignment for Critical Resource vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows stored XSS in the login area.
network
low complexity
codologic CWE-732
6.1
6.1