SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.0.2 |
| ilia_alshanetsky | fudforum | 1.2.8 |
| ilia_alshanetsky | fudforum | 1.9.8 |
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.0.2 |
| ilia_alshanetsky | fudforum | 1.2.8 |
| ilia_alshanetsky | fudforum | 1.9.8 |
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.0.2 |
| ilia_alshanetsky | fudforum | 1.2.8 |
| ilia_alshanetsky | fudforum | 1.9.8 |
FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read private posts via a modified mid parameter.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.6.15 |
The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute arbitrary PHP code via a file with a .php extension that contains image data followed by PHP code.
CVSS 2.0
Severity: HIGH
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.2.1 |
| ilia_alshanetsky | fudforum | 2.6.5 |
| ilia_alshanetsky | fudforum | 2.1.1 |
| ilia_alshanetsky | fudforum | 2.2.0 |
| ilia_alshanetsky | fudforum | 2.6.14 |
| ilia_alshanetsky | fudforum | 2.2.5 |
| ilia_alshanetsky | fudforum | 2.3.3 |
| ilia_alshanetsky | fudforum | 2.6.4 |
| ilia_alshanetsky | fudforum | 2.6.11 |
| ilia_alshanetsky | fudforum | 2.6.15 |
| ilia_alshanetsky | fudforum | 2.1.0 |
| ilia_alshanetsky | fudforum | 2.3.8 |
| ilia_alshanetsky | fudforum | 2.6.9 |
| ilia_alshanetsky | fudforum | 2.6.3 |
| ilia_alshanetsky | fudforum | 2.6.2 |
| ilia_alshanetsky | fudforum | 2.6.13 |
| ilia_alshanetsky | fudforum | 2.6.6 |
| ilia_alshanetsky | fudforum | 2.3.5 |
| ilia_alshanetsky | fudforum | 2.6.7 |
| ilia_alshanetsky | fudforum | 2.6.10 |
| ilia_alshanetsky | fudforum | 2.3.6 |
| ilia_alshanetsky | fudforum | 2.2.4 |
| ilia_alshanetsky | fudforum | 2.2.2 |
| ilia_alshanetsky | fudforum | 2.3.2 |
| ilia_alshanetsky | fudforum | 2.1.2 |
| ilia_alshanetsky | fudforum | 2.5.1 |
| ilia_alshanetsky | fudforum | 2.6.12 |
| ilia_alshanetsky | fudforum | 2.6.1 |
| ilia_alshanetsky | fudforum | 2.6.8 |
| ilia_alshanetsky | fudforum | 2.6.0 |
| ilia_alshanetsky | fudforum | 2.3.4 |
| ilia_alshanetsky | fudforum | 2.1.3 |
| ilia_alshanetsky | fudforum | 2.3.0 |
| ilia_alshanetsky | fudforum | 2.5.2 |
| ilia_alshanetsky | fudforum | 2.7.0 |
| ilia_alshanetsky | fudforum | 2.3.7 |
| ilia_alshanetsky | fudforum | 2.2.3 |
| ilia_alshanetsky | fudforum | 2.5.0 |
| ilia_alshanetsky | fudforum | 2.3.1 |
Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a new user, allows remote attackers to inject arbitrary web script or HTML via a custom profile field to index.php. NOTE: some of these details are obtained from third party information.
CVSS 2.0
Severity: LOW
Problem Type: CWE-79,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| ilia_alshanetsky | fudforum | 2.6.5 |
| fudforum | fudforum | 2.7.2 |
| ilia_alshanetsky | fudforum | 2.0.2 |
| ilia_alshanetsky | fudforum | 2.2.5 |
| fudforum | fudforum | 2.7.7 |
| ilia_alshanetsky | fudforum | 2.3.3 |
| ilia_alshanetsky | fudforum | 2.6.4 |
| ilia_alshanetsky | fudforum | 2.3.8 |
| ilia_alshanetsky | fudforum | 2.6.9 |
| fudforum | fudforum | 2.7.3 |
| fudforum | fudforum | 3.0.4 |
| ilia_alshanetsky | fudforum | 2.6.2 |
| ilia_alshanetsky | fudforum | 2.6.13 |
| ilia_alshanetsky | fudforum | 2.6.6 |
| ilia_alshanetsky | fudforum | 2.6.10 |
| ilia_alshanetsky | fudforum | 2.2.4 |
| ilia_alshanetsky | fudforum | 2.2.2 |
| fudforum | fudforum | 3.0.3 |
| ilia_alshanetsky | fudforum | 2.7.1 |
| fudforum | fudforum | 3.0.2 |
| ilia_alshanetsky | fudforum | 2.6.1 |
| ilia_alshanetsky | fudforum | 1.9.8 |
| ilia_alshanetsky | fudforum | 2.3.4 |
| ilia_alshanetsky | fudforum | 2.5.2 |
| ilia_alshanetsky | fudforum | 2.7.0 |
| ilia_alshanetsky | fudforum | 2.3.7 |
| ilia_alshanetsky | fudforum | 1.2.8 |
| ilia_alshanetsky | fudforum | 2.5.0 |
| fudforum | fudforum | 2.7.5 |
| fudforum | fudforum | 2.7.4 |
| fudforum | fudforum | 3.0.1 |
| ilia_alshanetsky | fudforum | 2.2.1 |
| ilia_alshanetsky | fudforum | 2.1.1 |
| ilia_alshanetsky | fudforum | 2.2.0 |
| ilia_alshanetsky | fudforum | 2.6.14 |
| fudforum | fudforum | 2.8.0 |
| ilia_alshanetsky | fudforum | 2.6.11 |
| ilia_alshanetsky | fudforum | 2.6.15 |
| ilia_alshanetsky | fudforum | 2.1.0 |
| ilia_alshanetsky | fudforum | 2.6.3 |
| ilia_alshanetsky | fudforum | 2.3.5 |
| ilia_alshanetsky | fudforum | 2.6.7 |
| ilia_alshanetsky | fudforum | 2.3.6 |
| ilia_alshanetsky | fudforum | 2.3.2 |
| ilia_alshanetsky | fudforum | 2.1.2 |
| ilia_alshanetsky | fudforum | 2.5.1 |
| fudforum | fudforum | 2.8.1 |
| ilia_alshanetsky | fudforum | 2.6.12 |
| ilia_alshanetsky | fudforum | 2.6.8 |
| ilia_alshanetsky | fudforum | 2.6.0 |
| ilia_alshanetsky | fudforum | 2.1.3 |
| ilia_alshanetsky | fudforum | 2.3.0 |
| fudforum | fudforum | 2.7.6 |
| fudforum | fudforum | * |
| ilia_alshanetsky | fudforum | 2.2.3 |
| fudforum | fudforum | 3.0.0 |
| ilia_alshanetsky | fudforum | 2.3.1 |