Anelectron Advanced Electron Forum — known CVE vulnerabilities
Every CVE whose affected-product data names Anelectron Advanced Electron Forum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2008-5090 — CVSS 10.0 (critical): Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in…
CVE-2009-2545 — CVSS 6.8 (medium): SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute…
CVE-2011-3700 — CVSS 5.0 (medium): Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, which…
CVE-2018-13000 — CVSS 4.8 (medium): An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` element of…
CVE-2008-1983 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or…
CVE-2009-2546 — CVSS 4.3 (medium): Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary…