Search Results (57 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2008-4513 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags.
CVE-2008-1486 1 Phorum 1 Phorum 2026-04-23 N/A
SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search.
CVE-2007-0767 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2006-6968 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2338 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.
CVE-2006-6550 1 Phorum 1 Phorum 2026-04-23 N/A
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use
CVE-2009-0488 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
CVE-2007-2248 1 Phorum 1 Phorum 2026-04-23 N/A
Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module.
CVE-2007-2339 1 Phorum 1 Phorum 2026-04-23 N/A
Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.
CVE-2007-0769 1 Phorum 1 Phorum 2026-04-23 N/A
Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly.
CVE-2007-2249 1 Phorum 1 Phorum 2026-04-23 N/A
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.
CVE-2007-2250 1 Phorum 1 Phorum 2026-04-23 N/A
admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter.
CVE-2005-0843 1 Phorum 1 Phorum 2026-04-16 N/A
CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.
CVE-2004-0035 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
CVE-2000-1232 1 Phorum 1 Phorum 2026-04-16 N/A
upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify certain Phorum database tables via an unknown method.
CVE-2004-1518 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier allows remote authenticated users to execute arbitrary SQL command via the forum_id parameter.
CVE-2004-0034 1 Phorum 1 Phorum 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 and earlier allow remote attackers to inject arbitrary HTML or web script via (1) the phorum_check_xss function in common.php, (2) the EditError variable in profile.php, and (3) the Error variable in login.php.
CVE-2002-2340 1 Phorum 1 Phorum 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a allows remote attackers to inject arbitrary web script or HTML via (1) the t parameter or (2) the body of an email response.
CVE-2000-1228 1 Phorum 1 Phorum 2026-04-16 N/A
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
CVE-2000-1233 1 Phorum 1 Phorum 2026-04-16 N/A
SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL queries via the sSQL parameter.