Back to search
CVE-2020-13873
Published: May 12, 2021
Modified: Aug 4, 2024
PUBLISHED
Description
A SQL Injection vulnerability in get_topic_info() in sys/CODOF/Forum/Topic.php in Codoforum before 4.9 allows remote attackers (pre-authentication) to bypass the admin page via a leaked password-reset token of the admin. (As an admin, an attacker can upload a PHP shell and execute remote code on the operating system.)
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://community.sonarsource.com/c/announce/stories/23
x_refsource_MISC
https://github.com/SmashITs
x_refsource_MISC
http://codologic.com/forum/
x_refsource_MISC
https://twitter.com/sonarsource/status/1300818196090384384
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now