Phorum » Phorum » 3.2.6 : Security Vulnerabilities, CVEs, Published In 2004

cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*

CVE-2004-2110

SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
Max CVSS
7.5
EPSS Score
0.18%
Published
2004-12-31
Updated
2016-10-18

CVE-2004-1822

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 through 5.0.3 beta allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP_REFERER parameter to login.php, (2) HTTP_REFERER parameter to register.php, or (3) target parameter to profile.php.
Max CVSS
4.3
EPSS Score
0.65%
Published
2004-03-15
Updated
2017-07-11

CVE-2004-0035

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
Max CVSS
7.5
EPSS Score
0.51%
Published
2004-01-20
Updated
2017-10-10

CVE-2004-0034

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
Max CVSS
4.3
EPSS Score
1.12%
Published
2004-01-20
Updated
2017-07-11
4 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close