GCVE - cpe:2.3:a:anelectron:advanced_electron

Approved changes feed: RSS · Atom

cpe:2.3:a:anelectron:advanced_electron_forum:1.0.6:*:*:*:*:*:*:*

part: a version: 1.0.6 update: *

Vendor	Anelectron (`341d69d1-1c35-5949-a450-3cc53d7e1c06`)
Product	Advanced Electron Forum (`ae35611e-bda7-5867-aef1-287f661f00dd`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from purl2cpe mapping

PURL mappings

PURL	Source	Last updated
`pkg:github/aefgroup/advanced-electron-forum`	purl2cpe	2026-06-01 10:13:44.961897

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2009-2546`	vulnerable	2026-06-08 04:51:29.127788	Details available Directory traversal vulnerability in Advanced Electron Forum (AEF) 1.x allows remote attackers to determine the existence of arbitrary files via the avatargalfile parameter when changing an avatar, which leaks the existence of the file in an error message. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2009-07-20T19:25:00.000Z Updated: 2024-08-07T05:52:15.228Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/51776 http://secunia.com/advisories/35646 http://osvdb.org/55926	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2009-2545`	vulnerable	2026-06-08 04:51:29.125891	Details available SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Published: 2009-07-20T19:25:00.000Z Updated: 2024-08-07T05:52:15.208Z Open on db.gcve.eu Reference links http://osvdb.org/55925 https://exchange.xforce.ibmcloud.com/vulnerabilities/51775 http://secunia.com/advisories/35646	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2008-1983`	vulnerable	2026-06-08 04:50:22.576241	Details available Cross-site scripting (XSS) vulnerability in Advanced Electron Forum (AEF) 1.0.6 allows remote attackers to inject arbitrary web script or HTML via the beg parameter in a members action to index.php. Published: 2008-04-27T20:00:00.000Z Updated: 2024-08-07T08:41:00.198Z Open on db.gcve.eu Reference links http://secunia.com/advisories/29923 http://www.securityfocus.com/bid/28865 http://www.z0rlu.ownspace.org/index.php?/archives/60-Advanced-Electron-Forum-AEF-1.0.6-XSS.html https://exchange.xforce.ibmcloud.com/vulnerabilities/41951	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Advanced Electron Forum

PURL mappings

Vulnerability references

Contribute