5 results (0.003 seconds)

CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kingshao0312/cve/issues/2 https://vuldb.com/?ctiid.267408 https://vuldb.com/?id.267408 https://vuldb.com/?submit.351116 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to sql injection. The attack may be initiated remotely. • https://github.com/kingshao0312/cve/issues/1 https://vuldb.com/?ctiid.267407 https://vuldb.com/?id.267407 https://vuldb.com/?submit.351115 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/L1OudFd8cl09/CVE/issues/1 https://vuldb.com/?ctiid.266589 https://vuldb.com/?id.266589 https://vuldb.com/?submit.346309 • CWE-434: Unrestricted Upload of File with Dangerous Type •

CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1

Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. Se ha detectado que Online Discussion Forum Site 1 contiene una vulnerabilidad de inyección SQL ciega por medio del componente /odfs/posts/view_post.php • https://github.com/bigzooooz/CVE-2022-31296 https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •

CVSS: 5.4EPSS: 0%CPEs: 1EXPL: 1

The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include javascript that will execute when viewing the messages page. El subsistema de mensajería en el Online Discussion Forum versión 1.0, es vulnerable a un ataque de tipo XSS en el cuerpo del mensaje. Un usuario autenticado puede enviar mensajes a usuarios arbitrarios en el sistema que incluyen javascript que se ejecutará cuando se visualiza la página de mensajes • https://www.exploit-db.com/exploits/48897 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •