Vulnerabilities > Comsenz

DATE | CVE | VULNERABILITY TITLE | RISK

2019-05-22 | CVE-2018-14729 | Improper Input Validation vulnerability in Comsenz Discuz! | critical 9.0
The database backup feature in upload/source/admincp/admincp_db.php in Discuz! 2.5 and 3.4 allows remote attackers to execute arbitrary PHP code.
network, low complexity, comsenz, CWE-20

2018-12-24 | CVE-2018-20424 | Improper Input Validation vulnerability in Comsenz Discuzx X3.4 | 5.8
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to delete the common_member_wechatmp data structure via an ac=unbindmp request to plugin.php.
network, comsenz, CWE-20

2018-12-24 | CVE-2018-20423 | Unspecified vulnerability in Comsenz Discuzx X3.4 | 6.8
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass a "disabled registration" setting by adding a non-existing wxopenid value to the plugin.php ac=wxregister query string.
network, comsenz

2018-12-24 | CVE-2018-20422 | Improper Authentication vulnerability in Comsenz Discuzx X3.4 | 6.8
Discuz! DiscuzX 3.4, when WeChat login is enabled, allows remote attackers to bypass authentication by leveraging a non-empty #wechat#common_member_wechatmp to gain login access to an account via a plugin.php ac=wxregister request (the attacker does not have control over which account will be accessed).
network, comsenz, CWE-287

2018-10-09 | CVE-2018-18083 | Code Injection vulnerability in Comsenz Duomicms 3.0 | 7.5
An issue was discovered in DuomiCMS 3.0.
network, low complexity, comsenz, CWE-94

2009-09-15 | CVE-2009-3185 | SQL Injection vulnerability in Comsenz Crazy Star Plugin 2.0 | 7.5
SQL injection vulnerability in plugin.php in the Crazy Star plugin 2.0 for Discuz! allows remote authenticated users to execute arbitrary SQL commands via the fmid parameter in a view action.
network, low complexity, comsenz, CWE-89

2009-08-12 | CVE-2008-6958 | Code Injection vulnerability in Comsenz Crossday Discuz! Board 6.0.1/7.0 | 6.5
wap/index.php in Crossday Discuz! Board 6.x and 7.x allows remote authenticated users to execute arbitrary PHP code via the creditsformula parameter.
network, low complexity, comsenz, CWE-94

2008-08-08 | CVE-2008-3554 | SQL Injection vulnerability in Comsenz Discuz 6.0.1 | 7.5
SQL injection vulnerability in index.php in Discuz! 6.0.1 allows remote attackers to execute arbitrary SQL commands via the searchid parameter in a search action.
network, low complexity, comsenz, CWE-89