CVE-2025-71282

High CVSS: 8.7

XenForo before 2.3.7 discloses filesystem paths through exception messages triggered by open_basedir restrictions. This allows an attacker to obtain information about the server's directory structure.

Vendor

Xenforo

Product

Xenforo

CWE

CWE-209

Yayın Tarihi

2026-04-01 01:16:40

Güncelleme

2026-04-01 18:53:29

Source Identifier

disclosure@vulncheck.com

KEV Date Added

Kategoriler

CWE-209 Xenforo HIGH Xenforo 2026

Referanslar

https://www.vulncheck.com/advisories/xenforo-path-disclosure-via-open-basedir-exceptions https://xenforo.com/community/threads/xenforo-2-3-7-released-includes-security-fixes.232121/

Benzer Kayıtlar

Medium

CVE-2026-35054

XenForo before 2.3.9 is vulnerable to stored cross-site scripting (XSS) related to BB code rendering. An attacker can in…

Medium

CVE-2026-35055

XenForo before 2.3.9 and before 2.2.18 is vulnerable to cross-site scripting (XSS) related to lightbox usage in posts. A…

High

CVE-2026-35056

XenForo before 2.3.9 and before 2.2.18 allows remote code execution (RCE) by authenticated, but malicious, admin users.…

Medium

CVE-2026-35057

XenForo before 2.3.10 and before 2.2.19 is vulnerable to stored cross-site scripting (XSS) in structured text mentions,…

High

CVE-2025-71278

XenForo before 2.3.5 allows OAuth2 client applications to request unauthorized scopes. This affects any customer using O…

Critical

CVE-2025-71279

XenForo before 2.3.7 contains a security issue affecting Passkeys that have been added to user accounts. An attacker may…