CyberSec.Space Logo
CVEブラウザに戻る

CVE-2002-0764

HIGH
7.5
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile27.60th
Published2002年8月12日
Last Modified2026年4月16日

Vulnerability Description

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

Affected Platforms (CPE)

📦
Phorum

Phorum

= 3.3.2a

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
🔗 http://www.iss.net/security_center/static/9107.php
🔗 http://www.phorum.org/
🔗 http://www.securityfocus.com/bid/4763
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
🔗 http://www.iss.net/security_center/static/9107.php

関連する脆弱性情報

CVE-2003-148710.0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and ...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...