4 matches found
Phorum 5.1.20 - 'admin.php' Groups Module Edit/Add Group Field SQL Injection
source: https://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the application fails to sufficiently...
PT-2006-4143 · Phorum · Phorum
Name of the Vulnerable Software and Affected Versions: Phorum versions 5.1.14 and earlier Description: A SQL injection issue in the search.php file allows remote attackers to potentially execute arbitrary SQL commands via the page parameter. However, the vendor disputes this report, stating that...
Phorum 3.3.2a remote command execution
Target: Phorum 3.3.2a prior versions? Description: In Phorum 3.3.2a, a bulletin board, there's a security flaw that lets remote users include external PHP scripts and execute arbitrary code. Found by: Markus [email protected] Vendor: http://www.phorum.org Notified Vendor: Yes, already fixed...
Phorum 3.0.7 - 'admin.php3' Unverified Administrative Password Change
source: https://www.securityfocus.com/bid/2271/info Phorum is a popular, free, open source software package originally written by Brian Moon. The package is designed to add chat/bulletin board style interaction between visitors of a web site. A problem with Phorum can allow remote users access to...