Skip to main content

My Little Forum

8 CVEs product

Monthly

CVE-2026-25923 CRITICAL Act Now

my little forum PHP forum software has an unrestricted file upload allowing authenticated users to upload dangerous file types.

PHP Deserialization File Upload My Little Forum
NVD GitHub VulDB
CVSS 3.1
9.1
EPSS
0.0%
CVE-2019-12253 MEDIUM POC This Month

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Little Forum
NVD GitHub
CVSS 3.0
6.5
EPSS
0.6%
CVE-2018-15569 MEDIUM This Month

my little forum 2.4.12 allows CSRF for deletion of users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Little Forum
NVD
CVSS 3.0
6.5
EPSS
0.4%
CVE-2018-14937 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2018-14936 MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Title field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
CVSS 3.0
4.8
EPSS
0.9%
CVE-2015-1435 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP My Little Forum
NVD
CVSS 2.0
4.3
EPSS
0.9%
CVE-2015-1434 MEDIUM POC This Month

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi My Little Forum
NVD
CVSS 2.0
6.5
EPSS
0.4%
CVE-2015-1475 MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP My Little Forum
NVD
CVSS 2.0
4.3
EPSS
0.3%
EPSS 0% CVSS 9.1
CRITICAL Act Now

my little forum PHP forum software has an unrestricted file upload allowing authenticated users to upload dangerous file types.

PHP Deserialization File Upload +1
NVD GitHub VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF My Little Forum
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM This Month

my little forum 2.4.12 allows CSRF for deletion of users. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF My Little Forum
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
EPSS 1% CVSS 4.8
MEDIUM POC This Month

The Add page option in my little forum 2.4.12 allows XSS via the Title field. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

XSS My Little Forum
NVD
EPSS 1% CVSS 4.3
MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Public exploit code available and no vendor patch available.

XSS PHP My Little Forum
NVD
EPSS 0% CVSS 6.5
MEDIUM POC This Month

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

PHP SQLi My Little Forum
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

XSS PHP My Little Forum
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy