Ilia Alshanetsky Fudforum — known CVE vulnerabilities
Every CVE whose affected-product data names Ilia Alshanetsky Fudforum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2002-1421 — CVSS 7.5 (high): SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1)…
CVE-2005-2781 — CVSS 7.5 (high): The Avatar upload feature in FUD Forum before 2.7.0 does not properly verify uploaded files, which allows remote attackers to execute…
CVE-2002-1422 — CVSS 5.0 (medium): admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest…
CVE-2002-1423 — CVSS 5.0 (medium): tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter.
CVE-2005-2600 — CVSS 5.0 (medium): FUDForum 2.6.15 with "Tree View" enabled, as used in other products such as phpgroupware and egroupware, allows remote attackers to read…
CVE-2013-5309 — CVSS 2.6 (low): Cross-site scripting (XSS) vulnerability in install/forum_data/src/custom_fields.inc.t in FUDforum 3.0.4.1 and earlier, when registering a…