CVE-2020-13873
https://notcve.org/view.php?id=CVE-2020-13873
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)
• http://codologic.com/forum
• https://blog.sonarsource.com/codoforum-4.8.7-critical-code-vulnerabilities-explained
• https://community.sonarsource.com/c/announce/stories/23
• https://community.sonarsource.com/t/codoforum-4-8-7-critical-code-vulnerabilities-explained/28297
• https://github.com/SmashITs
• https://twitter.com/sonarsource/status/1300818196090384384
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2020-21845
https://notcve.org/view.php?id=CVE-2020-21845
Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'
• https://codoforum.com
• https://vyshnavvizz.blogspot.com/2020/01/html-injection-in-codoforum-v483.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-9007
https://notcve.org/view.php?id=CVE-2020-9007
Codoforum 4.8.8 allows self-XSS via the title of a new topic.
• https://github.com/matuhn/Research/blob/master/codoforum/readme.md
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2020-7050
https://notcve.org/view.php?id=CVE-2020-7050
Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.
• https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845
• https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-732: Incorrect Permission Assignment for Critical Resource
CVE-2020-7051
https://notcve.org/view.php?id=CVE-2020-7051
Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.
• https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845
• https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-732: Incorrect Permission Assignment for Critical Resource