Multiple "command injection" vulnerabilities in Phorum 3.4 up to and including 3.4.2 allow remote malicious users to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phorum phorum 3.4 |
||
phorum phorum 3.4.2 |
||
phorum phorum 3.4.1 |