| Max CVSS | 10.0 | Min CVSS | 4.3 | Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published | |
| CVE-2003-1467 | 4.3 |
Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, (2) register.php, (3) post.php, and (4) common.php in Phorum before 3.4.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2003-1486 | 5.0 |
Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full path of the web server via an incorrect HTTP request to (1) smileys.php, (2) quick_listrss.php, (3) purge.php, (4) news.php, (5) memberlist.php, (6) forum_listrss.php, (7) forum_list
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2003-1465 | 5.0 |
Directory traversal vulnerability in download.php in Phorum 3.4 through 3.4.2 allows remote attackers to read arbitrary files.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2003-1487 | 10.0 |
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
|
29-07-2017 - 01:29 | 31-12-2003 - 05:00 | |
| CVE-2003-1466 | 7.5 |
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
|
05-09-2008 - 20:37 | 31-12-2003 - 05:00 |