Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phorum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-1229
Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin....
Phorum Phorum 3.0.7
NA
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote malicious users to read arbitrary files in the phorum directory via the query string.
Phorum Phorum 3.0.7
NA
CVE-2000-1234
violation.php3 in Phorum 3.0.7 allows remote malicious users to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Phorum Phorum 3.0.7
1 EDB exploit
1 Github repository
NA
CVE-2011-3768
Phorum 5.2.15a allows remote malicious users to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
Phorum Phorum 5.2.15a
NA
CVE-2008-4513
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote malicious users to inject arbitrary web script or HTML via nested BBcode image tags.
Phorum Phorum 5.2.8
NA
CVE-2005-0843
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote malicious users to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.
Phorum Phorum 5.0.14a
1 EDB exploit
NA
CVE-2002-0764
Phorum 3.3.2a allows remote malicious users to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
Phorum Phorum 3.3.2a
1 EDB exploit
NA
CVE-2004-2242
Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and previous versions, allows remote malicious users to inject arbitrary HTML or web script via the subject parameter.
Phorum Phorum 5.0.7 Beta
1 EDB exploit
NA
CVE-2007-0769
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote malicious users to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly.
Phorum Phorum 5.1.18
NA
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and previous versions allow remote malicious users to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
Phorum Phorum 5.0.11
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
NULL pointer dereference
CVE-2023-52689
CVE-2024-23803
client side
CVE-2023-52696
information disclosure
CVE-2024-35843
CVE-2024-27130
CVE-2023-52697
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6
NEXT »