Vulmon
phorum vulnerabilities and exploits
7.5
CVSSv2
CVE-2006-6550
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use
Phorum Phorum 3.2.11
1 EDB exploit
7.5
CVSSv2
CVE-2000-1233
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote malicious users to execute arbitrary SQL queries via the sSQL parameter.
Phorum Phorum 3.0.7
6.8
CVSSv2
CVE-2007-0769
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly.
Phorum Phorum 5.1.18
4.3
CVSSv2
CVE-2008-4513
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote malicious users to inject arbitrary web script or HTML via nested BBcode image tags.
Phorum Phorum 5.2.8
2.6
CVSSv2
CVE-2006-3612
Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors.
Phorum Phorum 5.1.14
5.1
CVSSv2
CVE-2006-3615
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
Phorum Phorum 5.1.14
4.3
CVSSv2
CVE-2005-0783
Cross-site scripting (XSS) vulnerability in Phorum prior to 5.0.14a allows remote malicious users to inject arbitrary web script or HTML via the filename of an attached file.
Phorum Phorum 5.0.14
1 EDB exploit
4.3
CVSSv2
CVE-2005-0784
Multiple cross-site scripting (XSS) vulnerabilities in Phorum prior to 5.0.15 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
Phorum Phorum 5.0.14
5
CVSSv2
CVE-2005-0843
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote malicious users to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.
Phorum Phorum 5.0.14a
1 EDB exploit
7.5
CVSSv2
CVE-2002-0764
Phorum 3.3.2a allows remote malicious users to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
Phorum Phorum 3.3.2a
1 EDB exploit