Vulnerabilities > Codologic > Codoforum > 4.8.4

DATE CVE VULNERABILITY TITLE RISK
2021-05-12 CVE-2020-13873 SQL Injection vulnerability in Codologic Codoforum
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.
network
low complexity
codologic CWE-89
critical
 10.0
10
2020-02-15 CVE-2020-7050 Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows a DOM-based XSS.
network
codologic CWE-79
3.5
3.5
2020-02-13 CVE-2020-7051 Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4
Codologic Codoforum through 4.8.4 allows stored XSS in the login area.
network
codologic CWE-79
4.3
4.3