Code Injection in FUDForum - CVE-2013-2267
Published: January 27, 2020 / Updated: August 9, 2020
Vulnerability identifier: #VU34849
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Green
CVE-ID: CVE-2013-2267
CWE-ID: CWE-94
Exploitation vector: Remote access
Exploit availability:
Public exploit is available
Vendor: FUDforum
Affected software:
FUDForum
FUDForum
Detailed vulnerability description
The vulnerability allows a remote privileged user to execute arbitrary code.
PHP Code Injection vulnerability in FUDforum Bulletin Board Software 3.0.4 could allow remote attackers to execute arbitrary code on the system.
How to mitigate CVE-2013-2267
Install update from vendor's website.