| Max CVSS | 7.5 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2007-2339 | 7.5 |
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) ban
|
16-10-2018 - 16:43 | 27-04-2007 - 16:19 | |
| CVE-2007-2338 | 7.5 |
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
|
16-10-2018 - 16:43 | 27-04-2007 - 16:19 | |
| CVE-2007-2249 | 6.5 |
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
|
16-10-2018 - 16:42 | 25-04-2007 - 16:19 | |
| CVE-2007-2250 | 5.0 |
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
|
16-10-2018 - 16:42 | 25-04-2007 - 16:19 | |
| CVE-2007-2248 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys m
|
16-10-2018 - 16:42 | 25-04-2007 - 16:19 |