Mylittleforum My Little Forum — known CVE vulnerabilities
Every CVE whose affected-product data names Mylittleforum My Little Forum, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2026-25923 — CVSS 9.1 (critical): my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the…
CVE-2010-2133 — CVSS 7.5 (high): SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id…
CVE-2019-12253 — CVSS 6.5 (medium): my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
CVE-2015-1434 — CVSS 6.5 (medium): Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via…
CVE-2015-1435 — CVSS 4.3 (medium): Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via…
CVE-2015-1475 — CVSS 4.3 (medium): Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web…