Lumension® Endpoint Intelligence Center



Vulnerability Score: 7.5
CVE Id: CVE-2004-2243
Last Modified: 05 Sep 2008 04:43:35
Published: 31 Dec 2004 12:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE



Phorum allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter, as demonstrated using profile.php. NOTE: the affected version was reported to be 4.3.7, but this may be erroneous.

Vulnerable Systems


  • Phorum 4.3.7


XF - phorum-session-hijack(16215)

SECTRACK - 1010219

FULLDISC - 20040519 Ph0rum phorum_uriauth replay attack

Last Updated: 27 May 2016 10:39:24