Every CVE whose affected-product data names Codologic Codoforum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (15)
CVE-2020-13873 — CVSS 9.8 (critical): A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers…
CVE-2020-22539 — CVSS 7.2 (high): An arbitrary file upload vulnerability in the Add Category function of Codoforum v4.9 allows attackers to execute arbitrary code via…
CVE-2022-31854 — CVSS 7.2 (high): Codoforum v5.1 was discovered to contain an arbitrary file upload vulnerability via the logo change option in the admin panel.
CVE-2020-5842 — CVSS 6.1 (medium): Codoforum 4.8.3 allows XSS in the user registration page: via the username field to the index.php?u=/user/register URI. The payload is, for…
CVE-2020-7051 — CVSS 6.1 (medium): Codologic Codoforum through 4.8.4 allows stored XSS in the login area. This is relevant in conjunction with CVE-2020-5842 because session…
CVE-2020-25876 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in the 'Pages' feature of Codoforum v5.0.2 allows authenticated attackers to execute…
CVE-2020-22540 — CVSS 5.4 (medium): Stored Cross-Site Scripting (XSS) vulnerability in Codoforum v4.9, allows attackers to execute arbitrary code and obtain sensitive…
CVE-2020-25875 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in the 'Smileys' feature of Codoforum v5.0.2 allows authenticated attackers to execute…
CVE-2020-7050 — CVSS 5.4 (medium): Codologic Codoforum through 4.8.4 allows a DOM-based XSS. While creating a new topic as a normal user, it is possible to add a poll that is…
CVE-2020-25879 — CVSS 5.4 (medium): A stored cross site scripting (XSS) vulnerability in the 'Manage Users' feature of Codoforum v5.0.2 allows authenticated attackers to…
CVE-2014-9261 — CVSS 5.0 (medium): The sanitize function in Codoforum 2.5.1 does not properly implement filtering for directory traversal sequences, which allows remote…