Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2003-1487

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2003-1487
Last Modified 05 Sep 2008 04:37:04
Published 31 Dec 2003 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2003-1487

Summary

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

Vulnerable Systems

Application

  • Phorum 3.4

  • Phorum 3.4.1

  • Phorum 3.4.2


References

BID - 7579

BID - 7578

BID - 7574

XF - phorum-command-execution(12500)

BUGTRAQ - 20030513 Phorum Vulnerabilities

SREASON - 3288


Last Updated: 27 May 2016 10:38:22