← Back

6kbbs

3 CVEs • 1 product

Products (1)

Click to collapse
Toggle
6kbbs
3 CVEs

CVEs (3)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2015-9292
16kbbs
16kbbs
Nov 21, 2024
Aug 8, 2019
N/A· v4
8.8 HIGH· v3
6.8 MEDIUM· v2
6kbbs 7.1 and 8.0 allows CSRF via portalchannel_ajax.php (id or code parameter) or admin.php (fileids parameter).
CVE-2010-4812
16kbbs
16kbbs
Apr 29, 2026
Jul 8, 2011
N/A· v4
N/A· v3
6.5 MEDIUM· v2
Multiple SQL injection vulnerabilities in 6kbbs 8.0 build 20100901 allow remote attackers to execute arbitrary SQL commands via the (1) tids[] parameter to ajaxadmin.php and the (2) msgids[] parameter to ajaxmember.php.
CVE-2010-4811
16kbbs
16kbbs
Apr 29, 2026
Jul 8, 2011
N/A· v4
N/A· v3
4.3 MEDIUM· v2
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone]...Show more
Multiple cross-site scripting (XSS) vulnerabilities in ajaxmember.php in 6kbbs 8.0 build 20100901 allow remote attackers to inject arbitrary web script or HTML via the (1) user[msn], (2) user[email], and (3) user[phone] parameters in a modifyDetails action.Show less