Vulnerabilities > Keir Davis
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2009-05-01 | CVE-2009-1512 | Code Injection vulnerability in Keir Davis X-Forum 0.6.2 Static code injection vulnerability in X-Forum 0.6.2 allows remote authenticated administrators to inject arbitrary PHP code into Config.php via the adminEMail parameter to SaveConfig.php. | 6.5 |
2009-05-01 | CVE-2009-1508 | SQL Injection vulnerability in Keir Davis X-Forum 0.6.2 SQL injection vulnerability in the xforum_validateUser function in Common.php in X-Forum 0.6.2 allows remote attackers to execute arbitrary SQL commands, as demonstrated via the cookie_username parameter to Configure.php. | 7.5 |