Simple It Discussion Forum

7 CVEs product


CVE-2026-6004 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 by code-projects allows unauthenticated remote attackers to execute arbitrary SQL commands via the cat_id parameter in /delete-category.php, enabling unauthorized data access, modification, or deletion. Publicly available exploit code exists. CVSS 7.3 (High) reflects a network-accessible attack surface with low complexity and no authentication requirement, permitting compromise of confidentiality, integrity, and availability.

Tags: SQLi, PHP, RCE, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-6003 MEDIUM POC This Month

Stored cross-site scripting (XSS) in code-projects Simple IT Discussion Forum 1.0 allows authenticated remote attackers with administrative privileges to inject malicious scripts via the fname parameter in /admin/user.php, affecting user interactions through reflected XSS. The vulnerability has a CVSS score of 2.4 but carries a public exploit, though the low CVSS reflects the requirement for high-privilege authentication and user interaction to trigger the payload.

Tags: XSS, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 4.8 | EPSS: 0.0%
CVE-2026-5961 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL queries via the post_id parameter in /topic-details.php. Successful exploitation enables unauthorized database access, data manipulation, and potential information disclosure. Publicly available exploit code exists. The CVSS vector indicates a network-based attack with low complexity and no authentication required, enabling compromise of confidentiality, integrity, and availability at low impact levels across all vectors.

Tags: PHP, SQLi, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-5829 MEDIUM POC This Month

SQL injection in code-projects Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via the post_id parameter in /pages/content.php. Publicly available exploit code exists. The vulnerability enables unauthorized database access with low complexity, requiring no user interaction. The attack achieves limited confidentiality, integrity, and availability impact across the vulnerable application.

Tags: SQLi, PHP, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-5828 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to extract, modify, or delete database records via a crafted postid parameter in /functions/addcomment.php. Publicly available exploit code exists. CVSS 7.3 indicates a network-accessible attack requiring no user interaction, achieving partial confidentiality, integrity, and availability impact. The vulnerability was disclosed with a proof-of-concept on GitHub.

Tags: SQLi, PHP, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-5827 MEDIUM POC This Month

SQL injection in Simple IT Discussion Forum 1.0 allows unauthenticated remote attackers to execute arbitrary SQL commands via the 'content' parameter in /question-function.php, enabling unauthorized database access, data exfiltration, and potential manipulation of stored records. Publicly available exploit code exists. CVSS 7.3 (High) reflects a network-accessible attack vector with no authentication required, compromising confidentiality, integrity, and availability at low impact levels.

Tags: PHP, SQLi, Information Disclosure, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 6.9 | EPSS: 0.0%
CVE-2026-5826 MEDIUM POC This Month

Cross-site scripting (XSS) vulnerability in code-projects Simple IT Discussion Forum 1.0 allows remote attackers to inject malicious scripts via the Category parameter in /edit-category.php. The vulnerability requires user interaction (reflected XSS) but has a low CVSS base score of 4.3; however, publicly available exploit code exists, increasing practical risk for unpatched installations.

Tags: XSS, PHP, Simple It Discussion Forum
Sources: NVD, VulDB, GitHub
CVSS 4.0: 5.3 | EPSS: 0.0%