| Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') | |
| Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') | |
| Improper Authentication |
| Vulnerability | Severity Score | Release Date | Summary |
|---|---|---|---|
| CVE-2008-3375 | 7.5 | July 30, 2008 | The jrCookie function in includes/jamroom-misc.inc.php in JamRoom before 3.4.0 allows remote attackers to bypass authentication and gain administrative access via a boolean value within serialized data in a JMU_Cookie cookie. |
| CVE-2009-1318 | 6.5 | April 17, 2009 | Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter. |
| CVE-2010-2463 | 4.3 | June 25, 2010 | Cross-site scripting (XSS) vulnerability in forum.php in Jamroom before 4.1.9 allows remote attackers to inject arbitrary web script or HTML via the post_id parameter in a modify action. |
| CVE-2009-1318 | 6.5 | April 17, 2009 | Directory traversal vulnerability in index.php in Jamroom 3.1.2, 3.2.3 through 3.2.6, 4.0.2, and possibly other versions before 3.4.0 allows remote attackers to include arbitrary files via directory traversal sequences in the t parameter. |