4 matches found
CVE-2018-16389
e107admin/banlist.php in e107 2.1.8 allows SQL injection via the oldip parameter...
Phorum 5.2 admin/banlist.php curr Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/34551/info Phorum is prone to multiple cross-site scripting vulnerabilities because the application fails to sufficiently sanitize user-supplied input. An attacker can exploit these issues to steal cookie-based...
Phorum Cross Site Scripting / Request Forgery
=cicatriz ==advisories= / / / / // / / // / o / / .-/ =Phorum 5.2.10 Cross-Site Scripting/Request Forgery==/= == =Advisory & Vulnerability Information=== Title: Phorum 5.2.10 Cross-Site Scripting/Request Forgery Advisory ID: VUDO-2009-1504 Advisory URL: http://research.voodoo-labs.org/advisories/...
CVE-2007-2338
Phorum prior to 5.1.22 is affected by a CSRF vulnerability in include/admin/banlist.php that allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. The issue is a CSRF, enabling privilege escalation of admin actions without exploiting authe...