Search Results (57 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2002-0352 1 Phorum 1 Phorum 2026-04-16 N/A
Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication.
CVE-2003-1466 1 Phorum 1 Phorum 2026-04-16 N/A
Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites via (1) register.php or (2) login.php.
CVE-2004-0034 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
CVE-2004-0035 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2000-1230 1 Phorum 1 Phorum 2026-04-16 N/A
Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to access restricted web pages via an HTTP request with the PHP_AUTH_USER parameter set to "boogieman".
CVE-2004-2110 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php in Phorum before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2004-1518 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
CVE-2006-3611 1 Phorum 1 Phorum 2026-04-16 N/A
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
CVE-2012-6659 1 Phorum 1 Phorum 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
CVE-2012-4234 1 Phorum 1 Phorum 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter.
CVE-2010-1629 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address.
CVE-2011-3768 1 Phorum 1 Phorum 2025-04-11 N/A
Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files.
CVE-2011-4561 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information.
CVE-2011-3392 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter.
CVE-2011-3382 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2011-3381 1 Phorum 1 Phorum 2025-04-11 N/A
Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
CVE-2011-3622 1 Phorum 1 Phorum 2024-11-21 6.1 Medium
A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18.