phorum vulnerabilities and exploits
7.5
CVSSv2
CVE-2004-2110
SQL injection vulnerability in register.php in Phorum prior to 3.4.6 allows remote malicious users to execute arbitrary SQL commands via the hide_email parameter.
Phorum Phorum
7.5
CVSSv2
CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum prior to 5.1.22 allow remote malicious users to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.p...
Phorum Phorum
3 EDB exploits
6.8
CVSSv2
CVE-2007-0769
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly."
Phorum Phorum 5.1.18
2.6
CVSSv2
CVE-2006-3612
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Phorum Phorum 5.1.14
5
CVSSv2
CVE-2002-0352
Phorum 3.3.2 allows remote malicious users to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
Phorum Phorum 3.3.2
5
CVSSv2
CVE-2011-3768
Phorum 5.2.15a allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
Phorum Phorum 5.2.15a
7.5
CVSSv2
CVE-2006-6550
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use.
Phorum Phorum 3.2.11
1 EDB exploit
5
CVSSv2
CVE-2000-1228
Phorum 3.0.7 allows remote malicious users to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Phorum Phorum 3.0.7
1 EDB exploit
5
CVSSv2
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote malicious users to read arbitrary files in the phorum directory via the query string.
Phorum Phorum 3.0.7
5
CVSSv2
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote malicious users to modify certain Phorum database tables via an unknown method.
Phorum Phorum 3.0.7