Back to search
CVE-2019-18873
Published: Nov 12, 2019
Modified: Aug 5, 2024
PUBLISHED
Description
FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://github.com/fuzzlove/FUDforum-XSS-RCE
x_refsource_MISC
https://sourceforge.net/p/fudforum/code/6321/
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now