Description - PHP Code Execution and Multiple XSS in FreeForum

Multiple Vulnerabilities found in FreeForum script.

Exploit: Available
Solution: Available

1. PHP Code Execution Vulnerability.

Vulnerable Script: func.inc.php

The variables $_SERVER['HTTP_X_FORWARDED_FOR'] and $_SERVER['HTTP_CLIENT_IP'] are not sanitized before being written into the 'Data/flood.db.php' file. Because that file is later executed as PHP, sending an HTTP request with a forged X-Forwarded-For or Client-IP header can be used to inject arbitrary PHP code.

System access is possible.

2. Multiple Cross-Site Scripting

Vulnerable Script: func.inc.php

The variables $name and $subject are not properly sanitized. This can be used to post a message containing arbitrary HTML or JavaScript code.
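Both issues above come from the same mistake: untrusted input is written into an executable PHP file or echoed into HTML without validation or escaping. The following is an added example of how the two code paths can be hardened; it is not FreeForum's code, and the function names, the trusted proxy address and the $_POST field names are assumptions.

```php
<?php
// Added example (not FreeForum's code): a hardened way to record the
// flood-control entry that the advisory says func.inc.php writes into
// Data/flood.db.php. Function and file names are assumptions.

// Return the client address to record. Proxy headers are only trusted when
// the request actually arrived from a proxy we control; otherwise fall back
// to REMOTE_ADDR, which the web server sets and the client cannot forge.
function client_ip(array $server, array $trusted_proxies = []): string {
    $remote = $server['REMOTE_ADDR'] ?? '';
    if (in_array($remote, $trusted_proxies, true)) {
        foreach (['HTTP_X_FORWARDED_FOR', 'HTTP_CLIENT_IP'] as $header) {
            if (!empty($server[$header])) {
                // X-Forwarded-For may be a list; the first entry is the client
                $candidate = trim(explode(',', $server[$header])[0]);
                // Validation rejects anything that is not an IP literal, so a
                // header value carrying PHP tags can never reach the data file
                if (filter_var($candidate, FILTER_VALIDATE_IP) !== false) {
                    return $candidate;
                }
            }
        }
    }
    return filter_var($remote, FILTER_VALIDATE_IP) !== false ? $remote : '0.0.0.0';
}

// Store the flood record as data, not as code: var_export() emits a PHP
// literal with every string quoted, so the stored value is never interpreted.
function write_flood_db(string $path, array $records): void {
    $php = "<?php\nreturn " . var_export($records, true) . ";\n";
    file_put_contents($path, $php, LOCK_EX);
}

// Escape user-supplied fields before they are echoed into HTML; this is the
// missing step behind the $name / $subject cross-site scripting.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

$ip = client_ip($_SERVER, ['10.0.0.5']);            // assumed proxy address
$records = [['ip' => $ip, 'time' => time()]];
write_flood_db(__DIR__ . '/Data/flood.db.php', $records);
echo '<b>' . h($_POST['name'] ?? '') . '</b>: ' . h($_POST['subject'] ?? '');
```

Keeping the flood database out of the web root, or storing it as JSON rather than as a PHP file, removes the code-execution path entirely even if validation is later bypassed.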

Order Source Code Audit made by eVuln team

Prevent hacking through a source code audit of your site performed by our team. The audit is carried out by specialists in web security.