Vulnerabilities > CVE-2000-1228 - Unspecified vulnerability in Phorum 3.0.7

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

phorum

exploit available

NVD

Published: 2000-12-31

Updated: 2008-09-05

Summary

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

Vulnerable Configurations

Part	Description	Count
Application	Phorum Phorum Phorum 3.0.7	1

Exploit-Db

description	Phorum 3.0.7 admin.php3 Unverified Administrative Password Change Vulnerability. CVE-2000-1228. Webapps exploit for php platform
id	EDB-ID:20586
last seen	2016-02-02
modified	2000-01-06
published	2000-01-06
reporter	Max Vision
source	https://www.exploit-db.com/download/20586/
title	Phorum 3.0.7 admin.php3 Unverified Administrative Password Change Vulnerability

Summary

Vulnerable Configurations

Exploit-Db

References