Vulnerabilities > Ilia Alshanetsky > Fudforum > 1.9.8

DATE CVE VULNERABILITY TITLE RISK
2013-08-16 CVE-2013-5309 Cross-Site Scripting vulnerability in multiple products
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php.
network
high complexity
fudforum ilia-alshanetsky CWE-79
2.6
2.6
2003-04-11 CVE-2002-1423 Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
network
low complexity
ilia-alshanetsky
5.0
5.0
2003-04-11 CVE-2002-1422 Unspecified vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
network
low complexity
ilia-alshanetsky
5.0
5.0
2003-04-11 CVE-2002-1421 SQL Injection vulnerability in Ilia Alshanetsky Fudforum 1.2.8/1.9.8/2.0.2
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
network
low complexity
ilia-alshanetsky
7.5
7.5