CyberSec.Space Logo
Back to CVE Browser

CVE-2003-1487

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile40.40th
PublishedDec 31, 2003
Last ModifiedApr 16, 2026

Vulnerability Description

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Affected Platforms (CPE)

πŸ“¦
Phorum

Phorum

= 3.4
πŸ“¦
Phorum

Phorum

= 3.4.1
πŸ“¦
Phorum

Phorum

= 3.4.2

References & Advisories

πŸ”— http://securityreason.com/securityalert/3288
πŸ”— http://www.securityfocus.com/archive/1/321310
πŸ”— http://www.securityfocus.com/bid/7574
πŸ”— http://www.securityfocus.com/bid/7578
πŸ”— http://www.securityfocus.com/bid/7579
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
πŸ”— http://securityreason.com/securityalert/3288
πŸ”— http://www.securityfocus.com/archive/1/321310

Related Vulnerabilities

CVE-2002-07647.5

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) d...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...