Page 3 of 14 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1

An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. Un problema en la función delete_post() de Online Discussion Forum Site 1 permite a atacantes no autenticados eliminar mensajes de forma arbitraria • https://github.com/bigzooooz/CVE-2022-31295 https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html • CWE-639: Authorization Bypass Through User-Controlled Key •

CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1

An issue in the save_users() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily create or update user accounts. Un problema en la función save_users() de Online Discussion Forum Site 1 permite a atacantes no autenticados crear o actualizar arbitrariamente cuentas de usuario • https://github.com/bigzooooz/CVE-2022-31294 https://www.sourcecodester.com/php/15337/online-discussion-forum-site-phpoop-free-source-code.html • CWE-352: Cross-Site Request Forgery (CSRF) •

CVSS: 4.8EPSS: 0%CPEs: 1EXPL: 1

Online Discussion Forum Site v1.0 is vulnerable to Cross Site Scripting (XSS) via /odfs/classes/Master.php?f=save_category, name. Online Discussion Forum Site versión v1.0, es vulnerable a un ataque de tipo Cross Site Scripting (XSS) por medio del archivo /odfs/classes/Master.php?f=save_category, name • https://github.com/mikeccltt/0525/blob/main/online-discussion-forum-site/xss.md • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •

CVSS: 7.2EPSS: 0%CPEs: 1EXPL: 1

Online Discussion Forum Site v1.0 is vulnerable to SQL Injection via /odfs/classes/Master.php?f=delete_team. Online Discussion Forum Site v1.0, es vulnerable a una inyección SQL por medio del archivo /odfs/classes/Master.php?f=delete_team • https://github.com/mikeccltt/0525/blob/main/online-discussion-forum-site/sql.md • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •