CyberSec.Space Logo
CVEブラウザに戻る

CVE-2003-1487

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile40.40th
Published2003年12月31日
Last Modified2026年4月16日

Vulnerability Description

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Affected Platforms (CPE)

📦
Phorum

Phorum

= 3.4
📦
Phorum

Phorum

= 3.4.1
📦
Phorum

Phorum

= 3.4.2

References & Advisories

🔗 http://securityreason.com/securityalert/3288
🔗 http://www.securityfocus.com/archive/1/321310
🔗 http://www.securityfocus.com/bid/7574
🔗 http://www.securityfocus.com/bid/7578
🔗 http://www.securityfocus.com/bid/7579
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
🔗 http://securityreason.com/securityalert/3288
🔗 http://www.securityfocus.com/archive/1/321310

関連する脆弱性情報

CVE-2002-07647.5

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) d...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2003-1487 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space