CVE-2004-2240 - Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify

CVE-2004-2240

Summary

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

References

http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980
http://securitytracker.com/id?1011921
http://www.maxpatrol.com/advdetails.asp?id=15
http://www.maxpatrol.com/mp_advisory.asp
http://www.osvdb.org/11129
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847

Vulnerable Configurations

cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*
cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 11-07-2017 - 01:31)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

bid	11538
confirm	http://phorum.org/cvs-changelog-5.txt
misc	http://www.maxpatrol.com/advdetails.asp?id=15 http://www.maxpatrol.com/mp_advisory.asp
osvdb	11129
sectrack	1011921
secunia	12980
xf	phorum-sql-injection(17847)

Last major update

11-07-2017 - 01:31

Published

31-12-2004 - 05:00

Last modified

11-07-2017 - 01:31