Vulnerabilities > Phorum > Phorum > 5.0.9
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-01-22 | CVE-2011-3622 | Cross-site Scripting vulnerability in Phorum A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. | 6.1 |
| 2010-05-19 | CVE-2010-1629 | Cross-Site Scripting vulnerability in Phorum Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. | 4.3 |
| 2007-04-27 | CVE-2007-2339 | SQL-Injection vulnerability in Phorum Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. | 7.5 |
| 2007-04-27 | CVE-2007-2338 | Input Validation vulnerability in Phorum Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. | 7.5 |
| 2007-04-25 | CVE-2007-2250 | Input Validation vulnerability in Phorum admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | 5.0 |
| 2007-04-25 | CVE-2007-2249 | Input Validation vulnerability in Phorum include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. | 6.5 |
| 2007-04-25 | CVE-2007-2248 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. | 4.3 |
| 2005-11-16 | CVE-2005-3543 | SQL Injection vulnerability in Phorum SQL injection vulnerability in search.php in Phorum 5.0.0alpha through 5.0.20, when register_globals is enabled, allows remote attackers to execute arbitrary SQL commands via the forum_ids parameter. | 6.8 |
| 2005-09-07 | CVE-2005-2836 | Cross-Site Scripting vulnerability in Phorum Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the username parameter to register.php or (2) a signature of a logged-in user in "My Control Center," which is not properly handled by control.php. network phorum | 4.3 |
| 2004-12-31 | CVE-2004-1518 | SQL Injection vulnerability in Phorum FOLLOW.PHP SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | 4.6 |