Filtered by vendor Phorum
Subscriptions
Total
57 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2006-6550 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use | ||||
| CVE-2007-0769 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly. | ||||
| CVE-2007-2339 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. | ||||
| CVE-2007-2250 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. | ||||
| CVE-2007-2338 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. | ||||
| CVE-2009-0488 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-0767 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2249 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. | ||||
| CVE-2006-6968 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | ||||
| CVE-2007-2248 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. | ||||
| CVE-2008-4513 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags. | ||||
| CVE-2008-1486 | 1 Phorum | 1 Phorum | 2026-04-23 | N/A |
| SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. | ||||
| CVE-2000-1228 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables. | ||||
| CVE-2004-2243 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous. | ||||
| CVE-2004-1518 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter. | ||||
| CVE-2004-2242 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in search.php in Phorum, possibly 5.0.7 beta and earlier, allows remote attackers to inject arbitrary HTML or web script via the subject parameter. | ||||
| CVE-2004-2241 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier allows remote attackers to inject arbitrary HTML or web script via search.php. NOTE: some sources have reported that the affected file is read.php, but this is inconsistent with the vendor's patch. | ||||
| CVE-2004-0035 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter. | ||||
| CVE-2006-3053 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor | ||||
| CVE-2004-2240 | 1 Phorum | 1 Phorum | 2026-04-16 | N/A |
| Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php. | ||||