CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2003-1487

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1690%
EPSS Percentile40.40th
Published2003年12月31日
Last Modified2026年4月16日

Vulnerability Description

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Affected Platforms (CPE)

📦
Phorum

Phorum

= 3.4
📦
Phorum

Phorum

= 3.4.1
📦
Phorum

Phorum

= 3.4.2

References & Advisories

🔗 http://securityreason.com/securityalert/3288
🔗 http://www.securityfocus.com/archive/1/321310
🔗 http://www.securityfocus.com/bid/7574
🔗 http://www.securityfocus.com/bid/7578
🔗 http://www.securityfocus.com/bid/7579
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
🔗 http://securityreason.com/securityalert/3288
🔗 http://www.securityfocus.com/archive/1/321310

相關漏洞威脅

CVE-2002-07647.5

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) d...

CVE-2003-14667.5

Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote attackers to use Phorum as a connection proxy to other sites v...

CVE-2000-12337.5

SQL injection vulnerability in read.php3 and other scripts in Phorum 3.0.7 allows remote attackers to execute arbitrary SQL querie...

CVE-2004-00357.5

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands...

CVE-2003-1487 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space