Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phorum vulnerabilities and exploits
(subscribe to this query)
668
VMScore
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and previous versions allow remote malicious users to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
Phorum Phorum 5.0.11
383
VMScore
CVE-2004-2241
Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and previous versions allows remote malicious users to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor'...
Phorum Phorum 5.0.11
435
VMScore
CVE-2004-2242
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and previous versions, allows remote malicious users to inject arbitrary HTML or web script via the subject parameter.
Phorum Phorum 5.0.7 Beta
1 EDB exploit
668
VMScore
CVE-2004-2243
Phorum allows remote malicious users to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
Phorum Phorum 4.3.7
383
VMScore
CVE-2005-0784
Multiple cross-site scripting (XSS) vulnerabilities in Phorum prior to 5.0.15 allow remote malicious users to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.
Phorum Phorum 5.0.14
454
VMScore
CVE-2006-3615
Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote malicious users to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.
Phorum Phorum 5.1.14
505
VMScore
CVE-2000-1228
Phorum 3.0.7 allows remote malicious users to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Phorum Phorum 3.0.7
1 EDB exploit
445
VMScore
CVE-2000-1229
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin....
Phorum Phorum 3.0.7
505
VMScore
CVE-2000-1230
Backdoor in auth.php3 in Phorum 3.0.7 allows remote malicious users to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
Phorum Phorum 3.0.7
1 EDB exploit
445
VMScore
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote malicious users to read arbitrary files in the phorum directory via the query string.
Phorum Phorum 3.0.7
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
inject
CVE-2024-34001
CVE-2024-37018
LFI
CVE-2024-1275
CVE-2024-1086
CSRF
CVE-2024-31030
CVE-2024-24919
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »