Phorum 漏洞与 CVE 列表(56)

产品(CPE): — CVE 数: 56

Phorum 漏洞概览

汇总 Phorum 相关全部产品的 CVE 与安全漏洞情报,包括 CVSS、EPSS、公开时间与漏洞情报数据。

已披露问题常与 路径处理缺陷、SQL 注入与CSRF 相关,可能在 软件部署与生产负载 场景中带来 文件覆盖与数据泄露 等暴露风险。

相关漏洞数据主要来源于公开漏洞披露与安全公告,可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势(近 24 个月)

显示 12056 CVE 数
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
CVE 摘要 来源 最高 CVSS EPSS % 公开时间 更新时间
CVE-2011-3622 A Cross-Site Scripting (XSS) vulnerability exists in the admin login screen in Phorum before 5.2.18. [email protected] 6.1 0.24% 2020-01-22 2024-11-21
CVE-2012-6659 Cross-site scripting (XSS) vulnerability in the admin interface in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via a crafted URL. [email protected] 4.3 0.22% 2014-09-19 2026-05-06
CVE-2012-4234 Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via the group parameter. [email protected] 4.3 7.64% 2014-09-04 2026-05-06
CVE-2011-4561 Cross-site scripting (XSS) vulnerability in admin.php in Phorum 5.2.18 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to admin/index.php. NOTE: some of these details are obtained from third party information. [email protected] 4.3 0.43% 2011-11-28 2026-04-29
CVE-2011-3768 Phorum 5.2.15a allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by css.php and certain other files. [email protected] 5.0 0.32% 2011-09-24 2026-04-29
CVE-2011-3392 Cross-site scripting (XSS) vulnerability in control.php in the controlcenter in Phorum before 5.2.17 allows remote attackers to inject arbitrary web script or HTML via the real_name parameter. [email protected] 4.3 0.33% 2011-09-08 2026-04-29
CVE-2011-3382 Cross-site scripting (XSS) vulnerability in Phorum before 5.2.16 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 4.3 0.25% 2011-09-08 2026-04-29
CVE-2011-3381 Cross-site request forgery (CSRF) vulnerability in Phorum before 5.2.16 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. [email protected] 6.8 0.13% 2011-09-08 2026-04-29
CVE-2010-1629 Cross-site scripting (XSS) vulnerability in Phorum before 5.2.15 allows remote attackers to inject arbitrary web script or HTML via an invalid email address. [email protected] 4.3 0.29% 2010-05-19 2026-04-29
CVE-2009-0488 Cross-site scripting (XSS) vulnerability in Phorum before 5.2.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 4.3 0.22% 2009-02-09 2026-04-23
CVE-2008-4513 Cross-site scripting (XSS) vulnerability in BBcode API module in Phorum 5.2.8 allows remote attackers to inject arbitrary web script or HTML via nested BBcode image tags. [email protected] 4.3 0.53% 2008-10-09 2026-04-23
CVE-2008-1486 SQL injection vulnerability in Phorum before 5.2.6, when mysql_use_ft is disabled, allows remote attackers to execute arbitrary SQL commands via the non-fulltext search. [email protected] 6.8 0.37% 2008-03-24 2026-04-23
CVE-2007-2339 Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php. [email protected] 7.5 4.81% 2007-04-27 2026-04-23
CVE-2007-2338 Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter. [email protected] 7.5 18.08% 2007-04-27 2026-04-23
CVE-2007-2250 admin.php in Phorum before 5.1.22 allows remote attackers to obtain the full path via the module[] parameter. [email protected] 5.0 7.42% 2007-04-25 2026-04-23
CVE-2007-2249 include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array. [email protected] 6.5 15.92% 2007-04-25 2026-04-23
CVE-2007-2248 Multiple cross-site scripting (XSS) vulnerabilities in admin.php in Phorum before 5.1.22 allow remote attackers to inject arbitrary web script or HTML via the (1) group_id parameter in the groups module or (2) the smiley_id parameter in the smileys modsettings module. [email protected] 4.3 7.84% 2007-04-25 2026-04-23
CVE-2007-0769 Cross-site scripting (XSS) vulnerability in register.php in Phorum 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. NOTE: the vendor disputes this vulnerability, stating that "The characters are escaped properly. [email protected] 6.8 1.47% 2007-02-06 2026-04-23
CVE-2007-0767 Cross-site scripting (XSS) vulnerability in the core in Phorum before 5.1.18 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 6.8 0.97% 2007-02-06 2026-04-23
CVE-2006-6968 Cross-site scripting (XSS) vulnerability in the group moderation control center page in Phorum before 5.1.19 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. [email protected] 5.8 0.26% 2007-02-06 2026-04-23
«« 第一页 « 上一页 第 1 / 3 页 下一页 »
cvelogic Threat Intelligence