SQL injection vulnerability in login.php in Itsourcecode Online Discussion Forum Project in PHP with Source Code 1.0 allows remote attackers to execute arbitrary SQL commands via the email parameter.

HIGH CVSS 8.2 Published Jul 09, 2024

A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. This affects an unknown part of the file change_profile_picture.php. The manipulation of the argument image leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier VDB-266589 was assigned to this vulnerability.

UNKNOWN CVSS 6.3 Published May 30, 2024

Version 1.0

Known Vulnerabilities

CVE-2024-37871

CVE-2024-5518