Vulmon
phorum phorum vulnerabilities and exploits
10
CVSSv2
CVE-2003-1487
Multiple "command injection" vulnerabilities in Phorum 3.4 up to and including 3.4.2 allow remote malicious users to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
Phorum Phorum 3.4
Phorum Phorum 3.4.2
Phorum Phorum 3.4.1
7.5
CVSSv2
CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum prior to 5.1.22 allow remote malicious users to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.p...
Phorum Phorum
3 EDB exploits
7.5
CVSSv2
CVE-2007-2338
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum prior to 5.1.22 allows remote malicious users to perform unauthorized banlist deletions as an administrator via the delete parameter.
Phorum Phorum
1 EDB exploit
7.5
CVSSv2
CVE-2007-1219
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote malicious users to execute arbitrary PHP code via a URL in the include_path parameter.
Admin Phorum Admin Phorum 3.3.1a
1 EDB exploit
7.5
CVSSv2
CVE-2006-6550
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use.
Phorum Phorum 3.2.11
1 EDB exploit
7.5
CVSSv2
CVE-2006-3249
SQL injection vulnerability in search.php in Phorum 5.1.14 and previous versions allows remote malicious users to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is used for t...
Phorum Phorum
7.5
CVSSv2
CVE-2006-3053
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is ...
Phorum Phorum 3.2.2
Phorum Phorum 3.1.1 Pre
Phorum Phorum 3.4.6
Phorum Phorum 3.2.3
Phorum Phorum 5.0.15a
Phorum Phorum 3.2.7
Phorum Phorum 3.4.3
Phorum Phorum 3.1.1
Phorum Phorum 3.2.8
Phorum Phorum 3.3.1a
Phorum Phorum 3.4.4
Phorum Phorum 5.0.17a
Phorum Phorum 3.3.1
Phorum Phorum 3.4
Phorum Phorum 3.3.2
Phorum Phorum 3.1.1 Rc2
Phorum Phorum 5.0.18
Phorum Phorum 3.1.1a
Phorum Phorum 3.4.5
Phorum Phorum 5.0.12
Phorum Phorum 3.4.8a
Phorum Phorum 3.2.5
1 EDB exploit
7.5
CVSSv2
CVE-2004-2243
Phorum allows remote malicious users to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
Phorum Phorum 4.3.7
7.5
CVSSv2
CVE-2004-2110
SQL injection vulnerability in register.php in Phorum prior to 3.4.6 allows remote malicious users to execute arbitrary SQL commands via the hide_email parameter.
Phorum Phorum
7.5
CVSSv2
CVE-2004-2240
Multiple SQL injection vulnerabilities in Phorum 5.0.11 and previous versions allow remote malicious users to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.
Phorum Phorum 5.0.11