DATE | CVE | VULNERABILITY TITLE | RISK

2020-01-22 | CVE-2011-3622 | Cross-site Scripting vulnerability in Phorum | 6.1
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.
network, low complexity, phorum, CWE-79

2011-11-28 | CVE-2011-4561 | Cross-Site Scripting vulnerability in Phorum 5.2.18 | 4.3
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php.
network, phorum, CWE-79

2011-09-24 | CVE-2011-3768 | Information Exposure vulnerability in Phorum 5.2.15A | 5.0
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
network, low complexity, phorum, CWE-200

2010-05-19 | CVE-2010-1629 | Cross-Site Scripting vulnerability in Phorum | 4.3
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
network, phorum, CWE-79

2007-04-27 | CVE-2007-2339 | SQL-Injection vulnerability in Phorum | 7.5
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
network, low complexity, phorum

2007-04-27 | CVE-2007-2338 | Input Validation vulnerability in Phorum | 7.5
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
network, low complexity, phorum

2007-04-25 | CVE-2007-2250 | Input Validation vulnerability in Phorum | 5.0
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
network, low complexity, phorum

2007-04-25 | CVE-2007-2249 | Input Validation vulnerability in Phorum | 6.5
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
network, low complexity, phorum

2007-04-25 | CVE-2007-2248 | Cross-Site Scripting vulnerability in Phorum | 4.3
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
network, phorum, CWE-79

2005-11-16 | CVE-2005-3543 | SQL Injection vulnerability in Phorum | 6.8
SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter.
network, phorum, CWE-89