Vulnerabilities > Codologic > Codoforum > 4.8.8

DATE CVE VULNERABILITY TITLE RISK
2021-05-12 CVE-2020-13873 SQL Injection vulnerability in Codologic Codoforum
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin.
network
low complexity
codologic CWE-89
critical
 9.8
9.8
2020-02-16 CVE-2020-9007 Cross-site Scripting vulnerability in Codologic Codoforum 4.8.8
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
network
low complexity
codologic CWE-79
5.4
5.4