7 matches found
EUVD-2004-2232
Malware in sbrugna...
Phorum 5.0.11 Read.PHP SQL Injection Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/14095/info Phorum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow the...
CVE-2004-2240
Phorum 5.0.11 and earlier contains multiple SQL injection vulnerabilities. Specifically, remote attackers can modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. The connected sources confirm the affected product/version and the injection paths, but do n...
CVE-2004-2241
Phorum 5.0.11 and earlier is affected by a Cross-site Scripting (XSS) vulnerability that allows remote attackers to inject arbitrary HTML or web script via search.php. The note indicates some sources claim the vulnerable file is read.php, but this conflicts with the vendor’s patch. The NVD entry,...
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php...
CVE-2004-2241
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch...
Phorum 5.0.11 - 'Read.php' SQL Injection
source: https://www.securityfocus.com/bid/14095/info Phorum is prone to SQL injection attacks. Insufficient sanitization of user input may allow a malicious user to manipulate the structure and logic of database queries. Successful exploitation could allow the attacker to compromise security...