Shodan
Vulnerabilities
Vulnerable Software
Phorum:  >> Phorum  >> 3.0.7  Security Vulnerabilities
CVE-2004-0034
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
CVSS Score
4.3
EPSS Score
0.01
Published
2004-01-20
CVE-2004-0035
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2004-01-20
CVE-2003-1467
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
CVSS Score
4.3
EPSS Score
0.006
Published
2003-12-31
CVE-2003-0283
Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail.
CVSS Score
6.8
EPSS Score
0.007
Published
2003-06-16
CVE-2000-1228
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
CVSS Score
5.0
EPSS Score
0.069
Published
2000-12-31
CVE-2000-1229
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.
CVSS Score
5.0
EPSS Score
0.006
Published
2000-12-31
CVE-2000-1230
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
CVSS Score
5.0
EPSS Score
0.073
Published
2000-12-31
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string.
CVSS Score
5.0
EPSS Score
0.005
Published
2000-12-31
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
CVSS Score
5.0
EPSS Score
0.004
Published
2000-12-31
CVE-2000-1233
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.
CVSS Score
7.5
EPSS Score
0.006
Published
2000-12-31


Products
Pricing
Contact Us

Shodan ® - All rights reserved