Vulnerabilities > CVE-2004-2243 - Unspecified vulnerability in Phorum 4.3.7
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
References
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0999.html
- http://archives.neohapsis.com/archives/fulldisclosure/2004-05/0999.html
- http://securitytracker.com/id?1010219
- http://securitytracker.com/id?1010219
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16215
- https://exchange.xforce.ibmcloud.com/vulnerabilities/16215