Phorum Security Vulnerabilities
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
CVSS Score: 4.3 | EPSS Score: 0.005 | Published: 2008-10-09
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
CVSS Score: 6.8 | EPSS Score: 0.004 | Published: 2008-03-24
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
CVSS Score: 7.5 | EPSS Score: 0.161 | Published: 2007-04-27
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
CVSS Score: 7.5 | EPSS Score: 0.028 | Published: 2007-04-27
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
CVSS Score: 4.3 | EPSS Score: 0.071 | Published: 2007-04-25
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVSS Score: 6.5 | EPSS Score: 0.159 | Published: 2007-04-25
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
CVSS Score: 5.0 | EPSS Score: 0.132 | Published: 2007-04-25
Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 5.8 | EPSS Score: 0.003 | Published: 2007-02-06
Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 6.8 | EPSS Score: 0.005 | Published: 2007-02-06
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
CVSS Score: 6.8 | EPSS Score: 0.006 | Published: 2007-02-06

