GCVE - cpe:2.3:a:anelectron:advanced_electron

Approved changes feed: RSS · Atom

cpe:2.3:a:anelectron:advanced_electron_forum:1.0.2:*:*:*:*:*:*:*

part: a version: 1.0.2 update: *

Vendor	Anelectron (`341d69d1-1c35-5949-a450-3cc53d7e1c06`)
Product	Advanced Electron Forum (`ae35611e-bda7-5867-aef1-287f661f00dd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/aefgroup/advanced-electron-forum`	purl2cpe	2026-06-01 10:13:44.958228

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-2546`	vulnerable	2026-06-08 04:51:29.127713	Details available Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2009-07-20T19:25:00.000Z Updated: 2024-08-07T05:52:15.228Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/51776 http://secunia.com/advisories/35646 http://osvdb.org/55926	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2545`	vulnerable	2026-06-08 04:51:29.123861	Details available SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2009-07-20T19:25:00.000Z Updated: 2024-08-07T05:52:15.208Z Open on db.gcve.eu Reference links http://osvdb.org/55925 https://exchange.xforce.ibmcloud.com/vulnerabilities/51775 http://secunia.com/advisories/35646	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-5090`	vulnerable	2026-06-08 04:50:49.470812	Details available Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in bbcode in the email parameter, which is processed by the preg_replace function with the eval switch. Published: 2008-11-14T19:00:00.000Z Updated: 2024-08-07T10:40:17.234Z Open on db.gcve.eu Reference links http://www.anelectron.com/board/index.php?tid=3282 https://exchange.xforce.ibmcloud.com/vulnerabilities/45270 http://www.securityfocus.com/archive/1/496552/100/0/threaded http://www.gulftech.org/?node=research&article_id=00131-09202008 http://securityreason.com/securityalert/4598	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Advanced Electron Forum

PURL mappings

Vulnerability references

Contribute