CyberSec.Space Logo
Back to CVE Browser

CVE-2004-0035

HIGH
7.5
CVSS Severity Score
EPSS Score0.0140%
EPSS Percentile4.31th
PublishedJan 20, 2004
Last ModifiedApr 16, 2026

Vulnerability Description

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Affected Platforms (CPE)

πŸ“¦
Phorum

Phorum

<= 3.4.5

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=107340481804110&w=2
πŸ”— http://secunia.com/advisories/10567
πŸ”— http://www.osvdb.org/3508
πŸ”— http://www.securityfocus.com/bid/9363
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/14146
πŸ”— http://marc.info/?l=bugtraq&m=107340481804110&w=2
πŸ”— http://secunia.com/advisories/10567
πŸ”— http://www.osvdb.org/3508

Related Vulnerabilities

CVE-2003-148710.0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and ...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2002-07647.5

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) d...