Vulnerabilities > Ilia Alshanetsky > Fudforum > 1.9.8
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2013-08-16 | CVE-2013-5309 | Cross-Site Scripting vulnerability in multiple products Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. | 2.6 |
2003-04-11 | CVE-2002-1423 | Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2 tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. | 5.0 |
2003-04-11 | CVE-2002-1422 | Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2 admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters. | 5.0 |
2003-04-11 | CVE-2002-1421 | SQL Injection vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2 SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. | 7.5 |