Filtered by vendor Phorum
Subscriptions
Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2000-1228 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. | ||||
| CVE-2000-1231 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary files in the phorum directory via the query string. | ||||
| CVE-2000-1232 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method. | ||||
| CVE-2004-2242 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | ||||
| CVE-2004-2241 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. | ||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | ||||
| CVE-2004-2110 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | ||||
| CVE-2004-0035 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | ||||
| CVE-2003-1465 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files. | ||||
| CVE-2002-2340 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response. | ||||
| CVE-2000-1230 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman". | ||||
| CVE-2000-1233 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter. | ||||
| CVE-2003-1467 | 4 Linux, Microsoft, Phorum and 1 more | 4 Linux Kernel, All Windows, Phorum and 1 more | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors. | ||||
| CVE-2003-1486 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list_rdf.php, (8) forum_list.php, or (9) move.php, which leaks the information in an error message. | ||||
| CVE-2004-1822 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php. | ||||
| CVE-2004-1938 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows remote attackers to execute arbitrary SQL commands via doubly hex-encoded characters such as "%2527", which is translated to "'", as demonstrated using the phorum_uriauth parameter to list.php. | ||||
| CVE-2005-0783 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file. | ||||
| CVE-2005-0843 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header. | ||||
| CVE-2003-0283 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows remote attackers to inject arbitrary web script and HTML tags via a message with a "<<" before a tag name in the (1) subject, (2) author's name, or (3) author's e-mail. | ||||
| CVE-2005-3543 | 1 Phorum | 1 Phorum | 2025-04-03 | N/A |
| SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | ||||