CVE-2019-18873

CRITICAL

FUDForum 3.0.9 - Stored Cross-Site Scripting and Remote Code Execution via User-Agent Header

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2019-18873. PoCs published by liquidsky, fuzzlove, fuzzlove-group.

AI-analyzed exploit summary This exploit leverages stored XSS vulnerabilities in FUDForum 3.0.9 to achieve remote code execution by uploading a PHP shell. The attack involves injecting malicious JavaScript via username or user-agent fields, which executes when an admin views user information.

Description

FUDForum 3.0.9 is vulnerable to Stored XSS via the User-Agent HTTP header. This may result in remote code execution. An attacker can use a user account to fully compromise the system via a GET request. When the admin visits user information under "User Manager" in the control panel, the payload will execute. This will allow for PHP files to be written to the web root, and for code to execute on the remote server. The problem is in admsession.php and admuser.php.

Exploits (3)

exploitdb WORKING POC

by liquidsky · textwebappsphp

https://www.exploit-db.com/exploits/47650

View Code ZIP pw:eip

This exploit leverages stored XSS vulnerabilities in FUDForum 3.0.9 to achieve remote code execution by uploading a PHP shell. The attack involves injecting malicious JavaScript via username or user-agent fields, which executes when an admin views user information.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: FUDForum 3.0.9

Auth required

Prerequisites: Registered user account · Admin interaction to trigger XSS

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 7 stars

by fuzzlove · poc

https://github.com/fuzzlove/FUDforum-XSS-RCE

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-18873 and CVE-2019-18839, targeting FUDForum 3.0.9. The exploit leverages stored XSS vulnerabilities in the username and User-Agent fields to achieve remote code execution by uploading a PHP shell.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: FUDForum 3.0.9

Auth required

Prerequisites: Registered user account · Admin interaction with user information

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 19, 2026 Full analysis →

gitlab WORKING POC

by fuzzlove-group · poc

https://gitlab.com/fuzzlove-group/FUDforum-XSS-RCE

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2019-18873 and CVE-2019-18839, demonstrating stored XSS vulnerabilities in FUDForum 3.0.9 that can lead to remote code execution. The exploit includes detailed steps and a JavaScript payload (fud.js) that, when triggered by an admin, uploads a PHP shell to the target system.

Classification

Working Poc 95%

Attack Type

Xss

Complexity

Moderate

Reliability

Reliable

Target: FUDForum 3.0.9

Auth required

Prerequisites: Registered user account · Admin interaction to trigger payload

MITRE ATT&CK

T1059.007 - JavaScript T1189 - Drive-by Compromise

devstral-2 · analyzed Feb 23, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory x_refsource_misc

https://github.com/fuzzlove/FUDforum-XSS-RCE

Third Party Advisory x_refsource_misc

https://sourceforge.net/p/fudforum/code/6321/

Scores

CVSS v3 9.0

EPSS 0.0815

EPSS Percentile 94.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

Details

CWE

CWE-78 CWE-79

Status published

Products (1)

fudforum/fudforum 3.0.9

Published Nov 12, 2019

Tracked Since Feb 18, 2026