Skip to main content

Codoforum

10 CVEs product

Monthly

CVE-2022-31854 HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
CVSS 3.1
7.2
EPSS
32.2%
CVE-2020-21845 MEDIUM POC This Month

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-9007 MEDIUM POC This Month

Codoforum 4.8.8 allows self-XSS via the title of a new topic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD GitHub
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7050 MEDIUM This Month

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
5.4
EPSS
0.5%
CVE-2020-7051 MEDIUM This Month

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
6.1
EPSS
0.8%
CVE-2020-5842 MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codoforum
NVD Exploit-DB
CVSS 3.1
6.1
EPSS
1.8%
CVE-2020-5843 MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
4.8
EPSS
0.5%
CVE-2020-5306 MEDIUM POC This Month

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD Exploit-DB
CVSS 3.1
4.8
EPSS
1.1%
CVE-2020-5305 MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
CVSS 3.1
4.8
EPSS
0.6%
CVE-2014-9261 MEDIUM POC THREAT This Month

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Path Traversal PHP Codoforum
NVD Exploit-DB
CVSS 2.0
5.0
EPSS
17.2%
EPSS 32% CVSS 7.2
HIGH POC THREAT This Week

Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

File Upload Codoforum
NVD GitHub Exploit-DB
EPSS 1% CVSS 6.1
MEDIUM POC This Month

Codoforum 4.8.3 allows HTML Injection in the 'admin dashboard Manage users Section.'. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
EPSS 1% CVSS 5.4
MEDIUM POC This Month

Codoforum 4.8.8 allows self-XSS via the title of a new topic. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD GitHub
EPSS 1% CVSS 5.4
MEDIUM This Month

Codologic Codoforum through 4.8.4 allows a DOM-based XSS. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Codoforum
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Codologic Codoforum through 4.8.4 allows stored XSS in the login area. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Codoforum
NVD
EPSS 2% CVSS 6.1
MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

XSS PHP Codoforum
NVD Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the admin dashboard via a category to the Manage Users screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD Exploit-DB
EPSS 1% CVSS 4.8
MEDIUM POC This Month

Codoforum 4.8.3 allows XSS in the admin dashboard via a name field of a new user, i.e., on the Manage Users screen. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS Codoforum
NVD
EPSS 17% CVSS 5.0
MEDIUM POC THREAT This Month

The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote attackers to read arbitrary files via a .. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and EPSS exploitation probability 17.2%.

Path Traversal PHP Codoforum
NVD Exploit-DB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy