Phorum 5.1.18 Security Vulnerabilities
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
CVSS Score: 7.5 | EPSS Score: 0.028 | Published: 2007-04-27
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
CVSS Score: 4.3 | EPSS Score: 0.071 | Published: 2007-04-25
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVSS Score: 6.5 | EPSS Score: 0.159 | Published: 2007-04-25
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
CVSS Score: 5.0 | EPSS Score: 0.132 | Published: 2007-04-25
Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVSS Score: 5.8 | EPSS Score: 0.003 | Published: 2007-02-06
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
CVSS Score: 6.8 | EPSS Score: 0.006 | Published: 2007-02-06

