Vulnerabilities > Phorum > Phorum > 5.0.11
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2004-12-31 | CVE-2004-2240 | Cross-Site Scripting and SQL Injection vulnerability in Phorum 5.0.11 Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | 7.5 |
2004-12-31 | CVE-2004-1518 | SQL Injection vulnerability in Phorum FOLLOW.PHP SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | 4.6 |