Headline
CVE-2020-5306
Codoforum 4.8.3 allows XSS via a post using parameters display name, title name, or content.
Notice: Trying to access array offset on value of type bool in /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/Controller/forum.php on line 199
Fatal error: Uncaught PDOException: SQLSTATE[42000]: Syntax error or access violation: 1064 You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near 'AND t.topic_status <> 0 AND ( EXISTS (SELECT 1 FROM codo_permissions AS per…' at line 3 in /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/CODOF/Forum/Category.php:214
Stack trace:
#0 /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/CODOF/Forum/Category.php(214): PDO->query('SELECT COUNT(t…')
#1 /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/Controller/forum.php(200): CODOF\Forum\Category->get_total_num_topics(NULL)
#2 /home/mainpage/domains/codologic.private-server.stream/public_html/forum/routes.php(483): Controller\forum->category('news-and-announ…', 1)
#3 [internal function]: {closure}('news-and-announ…')
#4 /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/CODOF/Router/ in /home/mainpage/domains/codologic.private-server.stream/public_html/forum/sys/CODOF/Forum/Category.php on line 214