CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 1CVE-2006-5421 – WSN Forum 1.3.4 - 'prestart.php' Remote Code Execution
https://notcve.org/view.php?id=CVE-2006-5421
20 Oct 2006 — WSN Forum 1.3.4 and earlier allows remote attackers to execute arbitrary PHP code via a modified pathname in the pathtoconfig parameter that points to an avatar image that contains PHP code, which is then accessed from prestart.php. NOTE: this issue has been labeled remote file inclusion, but that label only applies to the attack, not the underlying vulnerability. WSN Forum 1.3.4 y anteriores permite a un atacante remoto ejecutar código PHP de su elección a través de una nombre de camino modificado en el pa... • https://www.exploit-db.com/exploits/2583 •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 2CVE-2005-3916 – WSN Forum 1.21 - 'memberlist.php' SQL Injection
https://notcve.org/view.php?id=CVE-2005-3916
30 Nov 2005 — SQL injection vulnerability in memberlist.php in WSN Forum 1.21 allows remote attackers to execute arbitrary SQL commands via the id parameter in a profile action. • https://www.exploit-db.com/exploits/26567 •