Vulnerabilities > Codologic > Codoforum > 2.5.1

DATE | CVE | VULNERABILITY TITLE | RISK

2021-05-12 | CVE-2020-13873 | SQL Injection vulnerability in Codologic Codoforum | critical, 10.0
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.
network, low complexity; codologic; CWE-89

2020-02-15 | CVE-2020-7050 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 | 3.5
Codologic Codoforum through 4.8.4 allows a DOM-based XSS.
network; codologic; CWE-79

2020-02-13 | CVE-2020-7051 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 | 4.3
Codologic Codoforum through 4.8.4 allows stored XSS in the login area.
network; codologic; CWE-79

2015-03-23 | CVE-2014-9261 | Path Traversal vulnerability in Codologic Codoforum 2.5.1 | 5.0
The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a ..
network, low complexity; codologic; CWE-22