
CVSS: 10.0, EPSS: 13%, CPEs: 1, EXPL: 3

A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)

• http://codologic.com/forum
• https://blog.sonarsource.com/codoforum-4.8.7-critical-code-vulnerabilities-explained
• https://community.sonarsource.com/c/announce/stories/23
• https://community.sonarsource.com/t/codoforum-4-8-7-critical-code-vulnerabilities-explained/28297
• https://github.com/SmashITs
• https://twitter.com/sonarsource/status/1300818196090384384
• CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CVSS: 5.4, EPSS: 0%, CPEs: 1, EXPL: 0

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is automatically loaded in the DOM once the thread/topic is opened. Because session cookies lack the HttpOnly flag, it is possible to steal authentication cookies and take over accounts.

• https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845
• https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 6.1, EPSS: 0%, CPEs: 1, EXPL: 0

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session cookies lack the HttpOnly flag. The impact is account takeover.

• https://codologic.com/forum/index.php?u=/topic/12638/codoforum-4-8-8-released-and-the-future#post-23845
• https://www.linkedin.com/posts/polina-voronina-896819b5_discovered-by-polina-voronina-jan-15-activity-6634436086540054528-dDgg
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
• CWE-732: Incorrect Permission Assignment for Critical Resource

CVSS: 5.0, EPSS: 15%, CPEs: 1, EXPL: 4

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter to index.php. Codoforum version 2.5.1 suffers from an arbitrary file download vulnerability.

• https://www.exploit-db.com/exploits/36320
• http://osvdb.org/show/osvdb/119412
• http://packetstormsecurity.com/files/130739/Codoforum-2.5.1-Arbitrary-File-Download.html
• http://security.szurek.pl/codoforum-251-arbitrary-file-download.html
• http://www.exploit-db.com/exploits/36320
• https://codoforum.com/documentation/roadmap
• CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')