Vulnerabilities > Codologic > Codoforum > 4.8.4
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-05-12 | CVE-2020-13873 | SQL Injection vulnerability in Codologic Codoforum A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. | 10.0 |
2020-02-15 | CVE-2020-7050 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows a DOM-based XSS. | 3.5 |
2020-02-13 | CVE-2020-7051 | Cross-site Scripting vulnerability in Codologic Codoforum 2.5.1/4.8.3/4.8.4 Codologic Codoforum through 4.8.4 allows stored XSS in the login area. | 4.3 |