CyberSec.Space Logo
Back to CVE Browser

CVE-2002-0764

HIGH
7.5
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile27.60th
PublishedAug 12, 2002
Last ModifiedApr 16, 2026

Vulnerability Description

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

Affected Platforms (CPE)

πŸ“¦
Phorum

Phorum

= 3.3.2a

References & Advisories

πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
πŸ”— http://www.iss.net/security_center/static/9107.php
πŸ”— http://www.phorum.org/
πŸ”— http://www.securityfocus.com/bid/4763
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
πŸ”— http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
πŸ”— http://www.iss.net/security_center/static/9107.php

Related Vulnerabilities

CVE-2003-148710.0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and ...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...