mylittleforum CVE Vulnerabilities & Metrics

Focus on mylittleforum vulnerabilities and metrics.

Last updated: 29 Mar 2026, 22:25 UTC

About mylittleforum Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with mylittleforum. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total mylittleforum CVEs: 5
Earliest CVE date: 02 Jun 2010, 18:30 UTC
Latest CVE date: 09 Feb 2026, 22:16 UTC

Latest CVE reference: CVE-2026-25923

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 1

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): -100.0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): -100.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical mylittleforum CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 4.41

Max CVSS: 7.5

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	3
4.0-6.9	5
7.0-8.9	1
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS mylittleforum CVEs

These are the five CVEs with the highest CVSS scores for mylittleforum, sorted by severity first and recency.

CVE-2010-2133 mylittleforum Published on 02 Jun 2010, 18:30 UTC (CVSS: 7.5)
SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.
CVE-2015-1434 mylittleforum Published on 16 Feb 2015, 15:59 UTC (CVSS: 6.5)
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
CVE-2019-12253 mylittleforum Published on 21 May 2019, 17:29 UTC (CVSS: 5.8)
my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.
CVE-2018-15569 mylittleforum Published on 20 Aug 2018, 01:29 UTC (CVSS: 4.3)
my little forum 2.4.12 allows CSRF for deletion of users.
CVE-2015-1435 mylittleforum Published on 16 Feb 2015, 15:59 UTC (CVSS: 4.3)
Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.

All CVEs for mylittleforum

CVE-2026-25923 mylittleforum vulnerability CVSS: 0 09 Feb 2026, 22:16 UTC

my little forum is a PHP and MySQL based internet forum that displays the messages in classical threaded view. Prior to 20260208.1, the application fails to filter the phar:// protocol in URL validation, allowing attackers to upload a malicious Phar Polyglot file (disguised as JPEG) via the image upload feature, trigger Phar deserialization through BBCode [img] tag processing, and exploit Smarty 4.1.0 POP chain to achieve arbitrary file deletion. This vulnerability is fixed in 20260208.1.

CVE-2019-12253 mylittleforum vulnerability CVSS: 5.8 21 May 2019, 17:29 UTC

my little forum before 2.4.20 allows CSRF to delete posts, as demonstrated by mode=posting&delete_posting.

CVE-2018-15569 mylittleforum vulnerability CVSS: 4.3 20 Aug 2018, 01:29 UTC

my little forum 2.4.12 allows CSRF for deletion of users.

CVE-2018-14937 mylittleforum vulnerability CVSS: 3.5 05 Aug 2018, 01:29 UTC

The Add page option in my little forum 2.4.12 allows XSS via the Menu Link field.

CVE-2018-14936 mylittleforum vulnerability CVSS: 3.5 05 Aug 2018, 01:29 UTC

The Add page option in my little forum 2.4.12 allows XSS via the Title field.

CVE-2015-1435 mylittleforum vulnerability CVSS: 4.3 16 Feb 2015, 15:59 UTC

Cross-site scripting (XSS) vulnerability in my little forum before 2.3.4 allows remote attackers to inject arbitrary web script or HTML via the back parameter to index.php.

CVE-2015-1434 mylittleforum vulnerability CVSS: 6.5 16 Feb 2015, 15:59 UTC

Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.

CVE-2015-1475 mylittleforum vulnerability CVSS: 4.3 04 Feb 2015, 16:59 UTC

Multiple cross-site scripting (XSS) vulnerabilities in my little forum 2.3.3, 2.2, and 1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) page or (2) category parameter to forum.php or the (3) page or (4) order parameter to (a) board_entry.php or (b) forum_entry.php.

CVE-2010-2133 mylittleforum vulnerability CVSS: 7.5 02 Jun 2010, 18:30 UTC

SQL injection vulnerability in contact.php in My Little Forum allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2007-2942.