CVEブラウザに戻る

CVE-2004-0035

HIGH

7.5

CVSS Severity Score

EPSS Score0.0140%

EPSS Percentile4.31th

Published2004年1月20日

Last Modified2026年4月16日

Vulnerability Description

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Affected Platforms (CPE)

📦

Phorum

Phorum

<= 3.4.5

References & Advisories

🔗 http://marc.info/?l=bugtraq&m=107340481804110&w=2

🔗 http://secunia.com/advisories/10567

🔗 http://www.osvdb.org/3508

🔗 http://www.securityfocus.com/bid/9363

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/14146

🔗 http://marc.info/?l=bugtraq&m=107340481804110&w=2

🔗 http://secunia.com/advisories/10567

🔗 http://www.osvdb.org/3508

関連する脆弱性情報

CVE-2003-148710.0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and ...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2002-07647.5

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) d...