返回 CVE 瀏覽器

CVE-2002-0764

HIGH

7.5

CVSS Severity Score

EPSS Score0.1370%

EPSS Percentile27.60th

Published2002年8月12日

Last Modified2026年4月16日

Vulnerability Description

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

Affected Platforms (CPE)

📦

Phorum

Phorum

= 3.3.2a

References & Advisories

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html

🔗 http://www.iss.net/security_center/static/9107.php

🔗 http://www.phorum.org/

🔗 http://www.securityfocus.com/bid/4763

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html

🔗 http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html

🔗 http://www.iss.net/security_center/static/9107.php

相關漏洞威脅

CVE-2003-148710.0

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and ...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2002-0764 Detail & Impact Analysis | CVSS 7.5 (HIGH) | Cyber-Sec.Space | Cyber-Sec.Space