quicksilver_forums 漏洞与 CVE 列表（6）

产品（CPE）: — CVE 数: 6

quicksilver_forums 漏洞概览

汇总 quicksilver_forums 相关全部产品的 CVE 与安全漏洞情报，包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及路径处理缺陷与SQL 注入等问题，部分漏洞可能导致文件覆盖，并影响软件部署与生产负载相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告，可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势（近 24 个月）

CVE	摘要	来源	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2008-7064	Directory traversal vulnerability in the get_lang function in global.php in Quicksilver Forums 1.4.2 and earlier, as used in QSF Portal before 1.4.5, when running on Windows, allows remote attackers to include and execute arbitrary local files via a "\" (backslash) in the lang parameter to index.php, which bypasses a protection mechanism that only checks for "/" (forward slash), as demonstrated by uploading and including PHP code in an avatar file.	[email protected]	7.5	3.19%	2009-08-25	2026-04-23
CVE-2008-3601	SQL injection vulnerability in index.php in Quicksilver Forums 1.4.1 allows remote attackers to execute arbitrary SQL commands via the forums array parameter in a search action.	[email protected]	7.5	1.04%	2008-08-12	2026-04-23
CVE-2007-5172	Quicksilver Forums before 1.4.1 allows remote attackers to obtain sensitive information by causing unspecified connection errors, which reveals the database password in the resulting error message.	[email protected]	5.0	1.22%	2007-10-01	2026-04-23
CVE-2007-5171	Unspecified vulnerability in Quicksilver Forums before 1.4.1 allows remote attackers to delete arbitrary PMs via unspecified vectors.	[email protected]	5.0	1.19%	2007-10-01	2026-04-23
CVE-2006-4824	PHP remote file inclusion vulnerability in lib/activeutil.php in Quicksilver Forums (QSF) 1.2.1 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the set[include_path] parameter.	[email protected]	7.5	7.83%	2006-09-15	2026-04-16
CVE-2005-4030	SQL injection vulnerability in Quicksilver Forums before 1.5.1 allows remote attackers to execute arbitrary SQL commands via the HTTP_USER_AGENT header.	[email protected]	5.1	1.09%	2005-12-06	2026-04-16

cvelogic Threat Intelligence