CVE-2024-5734 – itsourcecode Online Discussion Forum poster.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5734
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/kingshao0312/cve/issues/2 https://vuldb.com/?ctiid.267408 https://vuldb.com/?id.267408 https://vuldb.com/?submit.351116 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2024-5733 – itsourcecode Online Discussion Forum register_me.php SQL injection
https://notcve.org/view.php?id=CVE-2024-5733
A vulnerability was found in itsourcecode Online Discussion Forum 1.0. It has been rated as critical. This issue affects some unknown processing of the file register_me.php. The manipulation of the argument eaddress leads to SQL injection. The attack may be initiated remotely. • https://github.com/kingshao0312/cve/issues/1 https://vuldb.com/?ctiid.267407 https://vuldb.com/?id.267407 https://vuldb.com/?submit.351115 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2024-5518 – itsourcecode Online Discussion Forum change_profile_picture.php unrestricted upload
https://notcve.org/view.php?id=CVE-2024-5518
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. • https://github.com/L1OudFd8cl09/CVE/issues/1 https://vuldb.com/?ctiid.266589 https://vuldb.com/?id.266589 https://vuldb.com/?submit.346309 • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVE-2022-31296
https://notcve.org/view.php?id=CVE-2022-31296
Online Discussion Forum Site 1 was discovered to contain a blind SQL injection vulnerability via the component /odfs/posts/view_post.php. • https://github.com/bigzooooz/CVE-2022-31296 https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2020-28141
https://notcve.org/view.php?id=CVE-2020-28141
The messaging subsystem in the Online Discussion Forum 1.0 is vulnerable to XSS in the message body. An authenticated user can send messages to arbitrary users on the system that include JavaScript that will execute when viewing the messages page. • https://www.exploit-db.com/exploits/48897 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •