Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
phorum phorum vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2000-1230
Backdoor in auth.php3 in Phorum 3.0.7 allows remote malicious users to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
Phorum Phorum 3.0.7
1 EDB exploit
NA
CVE-2000-1231
code.php3 in Phorum 3.0.7 allows remote malicious users to read arbitrary files in the phorum directory via the query string.
Phorum Phorum 3.0.7
NA
CVE-2000-1232
upgrade.php3 in Phorum 3.0.7 could allow remote malicious users to modify certain Phorum database tables via an unknown method.
Phorum Phorum 3.0.7
NA
CVE-2000-1233
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote malicious users to execute arbitrary SQL queries via the sSQL parameter.
Phorum Phorum 3.0.7
NA
CVE-2002-2340
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote malicious users to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
Phorum Phorum 3.3.2a
NA
CVE-2000-1234
violation.php3 in Phorum 3.0.7 allows remote malicious users to send e-mails to arbitrary addresses and possibly use Phorum as a "spam proxy" by setting the Mod and ForumName parameters.
Phorum Phorum 3.0.7
1 EDB exploit
1 Github repository
NA
CVE-2007-1219
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter.
Admin Phorum Admin Phorum 3.3.1a
1 EDB exploit
NA
CVE-2006-1151
Cross-site scripting vulnerability in index.php in M-Phorum 0.2 allows remote malicious users to inject arbitrary web script or HTML via the go parameter.
M Phorum M Phorum 0.2
1 EDB exploit
NA
CVE-2006-1152
PHP remote file inclusion vulnerability in index.php in M-Phorum 0.2 allows remote malicious users to include arbitrary files via the go parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
M Phorum M Phorum 0.2
NA
CVE-2004-1518
SQL injection vulnerability in follow.php in Phorum 5.0.12 and previous versions allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
privilege escalation
CVE-2024-20696
CVE-2024-29829
CVE-2024-33999
CVE-2024-35646
physical
CVE-2024-24919
CVE-2024-31030
local users
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
5
6