CVE-2007-2339 – Phorum 5.1.20 - 'admin.php' badwords/banlist Module SQL Injection
https://notcve.org/view.php?id=CVE-2007-2339
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
• https://www.exploit-db.com/exploits/29893
• https://www.exploit-db.com/exploits/29894
• https://www.exploit-db.com/exploits/29892
• http://osvdb.org/35062
• http://osvdb.org/35063
• http://osvdb.org/35064
• http://secunia.com/advisories/24932
• http://securityreason.com/securityalert/2617
• http://securitytracker.com/id?1017936
• http://www.phorum.org/story.php?76
• http://www.securityfocus.com/archive/1/466286/100/0/threaded
• http://www.securityfocus.com/bid/23616
• http://www
CVE-2007-2250 – Phorum 5.1.20 - 'admin.php?module[]' Full Path Disclosure
https://notcve.org/view.php?id=CVE-2007-2250
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
• https://www.exploit-db.com/exploits/29890
• http://osvdb.org/35060
• http://secunia.com/advisories/24932
• http://securityreason.com/securityalert/2617
• http://www.phorum.org/story.php?76
• http://www.securityfocus.com/archive/1/466286/100/0/threaded
• http://www.securityfocus.com/bid/23616
• http://www.securitytracker.com/id?1017936
• http://www.vupen.com/english/advisories/2007/1479
• http://www.waraxe.us/advisory-49.html
CVE-2007-2248 – Phorum 5.1.20 - 'admin.php?Groups Module group_id' Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2007-2248
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
• https://www.exploit-db.com/exploits/29887
• https://www.exploit-db.com/exploits/29888
• http://osvdb.org/35057
• http://osvdb.org/35058
• http://secunia.com/advisories/24932
• http://securityreason.com/securityalert/2617
• http://www.phorum.org/story.php?76
• http://www.securityfocus.com/archive/1/466286/100/0/threaded
• http://www.securityfocus.com/bid/23616
• http://www.securitytracker.com/id?1017936
• http://www.waraxe.us/advisory-49.html
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CVE-2007-2249 – Phorum 5.1.20 - '/include/controlcenter/users.php' Multiple Method Privilege Escalations
https://notcve.org/view.php?id=CVE-2007-2249
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
• https://www.exploit-db.com/exploits/29889
• http://osvdb.org/35059
• http://secunia.com/advisories/24932
• http://securityreason.com/securityalert/2617
• http://www.phorum.org/story.php?76
• http://www.securityfocus.com/archive/1/466286/100/0/threaded
• http://www.securityfocus.com/bid/23616
• http://www.securitytracker.com/id?1017936
• http://www.vupen.com/english/advisories/2007/1479
• http://www.waraxe.us/advisory-49.html
CVE-2007-1219 – Admin Phorum 3.3.1a - 'del.php?include_path' Remote File Inclusion
https://notcve.org/view.php?id=CVE-2007-1219
PHP remote file inclusion vulnerability in actions/del.php in Admin Phorum 3.3.1a allows remote attackers to execute arbitrary PHP code via a URL in the include_path parameter.
• https://www.exploit-db.com/exploits/3382
• http://osvdb.org/34635
• http://www.securityfocus.com/bid/22739
• http://www.vupen.com/english/advisories/2007/0778
• https://exchange.xforce.ibmcloud.com/vulnerabilities/32719