Phorum Security Vulnerabilities and Issues — Phorum CVE List

Lucene search

PhorumPhorum

11 matches found

CVE•added 2005/07/14 4:0 a.m.•52 views

CVE-2000-1230

Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".

5CVSS7.1AI score0.07287EPSS

CVE•added 2005/07/17 4:0 a.m.•50 views

CVE-2004-2240

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

7.5CVSS8.2AI score0.01233EPSS

CVE•added 2005/07/14 4:0 a.m.•45 views

CVE-2000-1228

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

5CVSS7.5AI score0.06948EPSS

CVE•added 2005/07/17 4:0 a.m.•40 views

CVE-2004-2241

Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch.

4.3CVSS6AI score0.00504EPSS

CVE•added 2005/07/17 4:0 a.m.•40 views

CVE-2004-2242

Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter.

4.3CVSS5.9AI score0.00655EPSS

CVE•added 2005/07/14 4:0 a.m.•39 views

CVE-2000-1234

violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.

5CVSS7.3AI score0.03931EPSS

CVE•added 2005/07/14 4:0 a.m.•38 views

CVE-2000-1229

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.

5CVSS7.1AI score0.00576EPSS

CVE•added 2005/07/14 4:0 a.m.•36 views

CVE-2000-1231

code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.

5CVSS7.1AI score0.00462EPSS

CVE•added 2005/07/14 4:0 a.m.•36 views

CVE-2000-1233

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.

7.5CVSS8.6AI score0.00584EPSS

CVE•added 2005/07/14 4:0 a.m.•35 views

CVE-2000-1232

upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.

5CVSS7AI score0.00448EPSS

CVE•added 2005/07/17 4:0 a.m.•30 views

CVE-2004-2243

Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.

7.5CVSS7AI score0.00717EPSS