CVE-2019-18873

9.0 CRITICAL

📋 TL;DR

CVE-2019-18873 is a stored cross-site scripting vulnerability in FUDforum 3.0.9 that allows attackers to inject malicious scripts via the User-Agent HTTP header. When an administrator views user information in the control panel, the payload executes, potentially leading to remote code execution and full system compromise. All users running FUDforum 3.0.9 are affected.

💻 Affected Systems

Products:
  • FUDforum
Versions: 3.0.9
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires attacker to have a user account and administrator to view user information in control panel.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system takeover: attacker gains remote code execution, writes PHP files to web root, and executes arbitrary commands on the server.

🟠 Likely Case

Attacker compromises the FUDforum installation, steals sensitive data, and potentially gains access to the underlying server.

🟢 If Mitigated

Limited impact with proper input validation and output encoding in place, preventing script execution.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: CONFIRMED
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires a user account but is simple to execute once obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.0.10 and later

Vendor Advisory: https://sourceforge.net/p/fudforum/code/6321/

Restart Required: No

Instructions:

1. Backup your FUDforum installation and database.
2. Download and install FUDforum 3.0.10 or later from the official repository.
3. Replace all files with the patched version.
4. Verify the installation works correctly.

🔧 Temporary Workarounds

Input Validation for User-Agent Header (applies to: all)

Add server-side validation to sanitize User-Agent headers before processing.

Modify admsession.php and admuser.php to filter/sanitize User-Agent input.

Restrict Admin Panel Access (applies to: all)

Limit access to the admin control panel to trusted IP addresses only.

Add IP-based restrictions in .htaccess or web server configuration.

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block malicious User-Agent strings
  • Disable or restrict user registration to prevent attacker account creation

🔍 How to Verify

Check if Vulnerable:

Check if running FUDforum version 3.0.9 by examining version files or admin panel.

Check Version:

  grep -r 'FUDforum 3.0.9' /path/to/fudforum/

or check the version display in the admin panel.

Verify Fix Applied:

Verify installation shows version 3.0.10 or later in admin panel or version files.

📡 Detection & Monitoring

Log Indicators:

  • Unusual User-Agent strings containing script tags or JavaScript in access logs
  • Admin panel access logs showing suspicious user information views

Network Indicators:

  • HTTP requests with malicious User-Agent headers
  • Unexpected file writes to web root directory

SIEM Query:

source="web_logs" User-Agent="*<script>*" OR User-Agent="*javascript:*"
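The SIEM query above only catches a literal "<script>" or "javascript:" in the User-Agent field. The following added example (not part of the original advisory or of FUDforum) shows the same log indicator implemented as a small scanner over Apache/nginx combined-format access lines: it parses each line, undoes URL and HTML-entity encoding that a logged User-Agent may carry, and flags values containing HTML tags, "javascript:" URIs, or inline event-handler attributes. The log lines, IP addresses and timestamps are constructed sample data.

```python
"""Scan combined-format access logs for User-Agent values carrying HTML/JavaScript markup.

Added example for CVE-2019-18873 detection; not code from FUDforum or the advisory.
"""
import html
import re
import urllib.parse

# Apache/nginx "combined" log format:
# ip ident user [timestamp] "request" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) "(?P<referer>[^"]*)" "(?P<ua>.*)"$'
)

# Markup that has no business in a legitimate User-Agent. This mirrors the
# advisory's SIEM query (<script>, javascript:) and extends it to other
# HTML tags and inline event-handler attributes such as onerror=.
SUSPICIOUS_UA = re.compile(
    r"<\s*/?\s*(script|img|svg|iframe|body|object|embed)\b"
    r"|javascript\s*:"
    r"|\bon[a-z]+\s*=",
    re.IGNORECASE,
)


def normalise(ua: str) -> str:
    """Undo encodings that would hide markup from a literal '<script>' match.

    URL-decoding is applied twice to cover double-encoded values; HTML
    entities are then resolved so '&lt;img ...&gt;' is seen as a tag.
    """
    decoded = ua
    for _ in range(2):
        decoded = urllib.parse.unquote(decoded)
    return html.unescape(decoded)


def is_suspicious_ua(ua: str) -> bool:
    """True if the (normalised) User-Agent contains tag, URI or handler markup."""
    return SUSPICIOUS_UA.search(normalise(ua)) is not None


def parse_line(line: str):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    m = COMBINED_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def find_suspicious(lines):
    """Return one dict (ip, ts, ua) per log line whose User-Agent looks like markup."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # malformed line: not combined format
        if is_suspicious_ua(rec["ua"]):
            hits.append({"ip": rec["ip"], "ts": rec["ts"], "ua": rec["ua"]})
    return hits


# Constructed sample log lines (documentation-range IPs, made-up timestamps).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Nov/2019:12:00:01 +0000] "GET /index.php HTTP/1.1" 200 5123 '
    '"-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/70.0"',
    '198.51.100.7 - - [10/Nov/2019:12:00:07 +0000] "POST /index.php?t=login HTTP/1.1" 302 0 '
    '"-" "Mozilla/5.0 <script>x</script>"',
    '198.51.100.7 - - [10/Nov/2019:12:00:09 +0000] "GET /index.php HTTP/1.1" 200 5123 '
    '"-" "Mozilla/5.0%20%3Cscript%3Ex%3C%2Fscript%3E"',
    '203.0.113.8 - - [10/Nov/2019:12:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 42 '
    '"-" "curl/7.64.1"',
    '198.51.100.9 - - [10/Nov/2019:12:02:15 +0000] "GET /index.php HTTP/1.1" 200 5123 '
    '"-" "Mozilla/5.0 &lt;img src=x onerror=x&gt;"',
]

if __name__ == "__main__":
    for hit in find_suspicious(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} suspicious User-Agent: {hit["ua"]!r}')
```

Run it against a real access log by replacing SAMPLE_LOG with the file's lines; any hit from an account-holder's IP before an administrator's visit to the user-information page is the sequence the advisory describes, and is worth correlating with admin-panel access records.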
