Phorum

Phorum

56 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
7.5

CVE-2006-6550

  • EPSS 5.42%
  • Veröffentlicht 14.12.2006 18:28:00
  • Zuletzt bearbeitet 09.04.2025 00:30:58

PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use

5.1

CVE-2006-3615

  • EPSS 1.27%
  • Veröffentlicht 18.07.2006 15:46:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple PHP remote file inclusion vulnerabilities in Phorum 5.1.14, when register_globals is enabled, allow remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable.

2.6

CVE-2006-3612

  • EPSS 0.3%
  • Veröffentlicht 18.07.2006 15:46:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Cross-site scripting (XSS) vulnerability in Phorum 5.1.14 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

5.5

CVE-2006-3611

Exploit
  • EPSS 2.72%
  • Veröffentlicht 18.07.2006 15:46:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences in...

7.5

CVE-2006-3249

  • EPSS 1.05%
  • Veröffentlicht 27.06.2006 10:05:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in search.php in Phorum 5.1.14 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter. NOTE: the vendor has disputed this report, stating "If a non positive integer or non-integer is ...

7.5

CVE-2006-3053

Exploit
  • EPSS 5.72%
  • Veröffentlicht 16.06.2006 10:02:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "comm...

6.8

CVE-2005-3543

Exploit
  • EPSS 1.11%
  • Veröffentlicht 16.11.2005 07:42:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.

4.3

CVE-2005-2836

Exploit
  • EPSS 0.43%
  • Veröffentlicht 07.09.2005 20:03:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Cente...

5

CVE-2005-0843

  • EPSS 3.22%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.

4.3

CVE-2005-0784

Exploit
  • EPSS 0.48%
  • Veröffentlicht 02.05.2005 04:00:00
  • Zuletzt bearbeitet 03.04.2025 01:03:51

Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.