Phorum : Security Vulnerabilities, CVEs, Published In 2002
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
Max CVSS
4.3
EPSS Score
0.23%
Published
2002-12-31
Updated
2016-10-18
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
Max CVSS
7.5
EPSS Score
81.84%
Published
2002-08-12
Updated
2008-09-05
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
Max CVSS
5.0
EPSS Score
0.59%
Published
2002-06-25
Updated
2016-10-18
3 vulnerabilities found