CVE-2004-2240

Опубликовано: 31 дек. 2004

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

Ссылки

http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980
Vendor Advisory
http://securitytracker.com/id?1011921
Exploit
http://www.maxpatrol.com/advdetails.asp?id=15
Exploit
Vendor Advisory
http://www.maxpatrol.com/mp_advisory.asp
http://www.osvdb.org/11129
Exploit
Patch
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847
http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980
Vendor Advisory
http://securitytracker.com/id?1011921
Exploit
http://www.maxpatrol.com/advdetails.asp?id=15
Exploit
Vendor Advisory
http://www.maxpatrol.com/mp_advisory.asp
http://www.osvdb.org/11129
Exploit
Patch
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*

EPSS

Процентиль: 79%

0.01233

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-jw2m-26ff-xvg4

github

почти 4 года назад