Vulnerabilities > CVE-2000-1228 - Unspecified vulnerability in Phorum 3.0.7

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
phorum
exploit available

Summary

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

Vulnerable Configurations

Part Description Count
Application
Phorum
1

Exploit-Db

descriptionPhorum 3.0.7 admin.php3 Unverified Administrative Password Change Vulnerability. CVE-2000-1228. Webapps exploit for php platform
idEDB-ID:20586
last seen2016-02-02
modified2000-01-06
published2000-01-06
reporterMax Vision
sourcehttps://www.exploit-db.com/download/20586/
titlePhorum 3.0.7 admin.php3 Unverified Administrative Password Change Vulnerability