CVE-2019-18873

Source
https://nvd.nist.gov/vuln/detail/CVE-2019-18873
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-18873.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2019-18873
Published
2019-11-12T02:15:10Z
Modified
2024-09-02T23:07:10Z
Severity
  • 9.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Summary
[none]
Details

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.

Affected packages

Git / github.com/fudforum/fudforum

Affected ranges

Type
GIT
Repo
https://github.com/fudforum/fudforum
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected