CVE-2003-1487

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

CVSS v2.0 10.0 HIGH

10.0^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/archive/1/321310
http://www.securityfocus.com/bid/7574	Patch
http://www.securityfocus.com/bid/7578	Patch
http://www.securityfocus.com/bid/7579	Patch
http://securityreason.com/securityalert/3288
https://exchange.xforce.ibmcloud.com/vulnerabilities/12500

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:phorum:phorum:3.4:::::::*
	cpe:2.3:a:phorum:phorum:3.4.1:::::::*
	cpe:2.3:a:phorum:phorum:3.4.2:::::::*

Information

Published : 2003-12-30 21:00

Updated : 2017-07-28 18:29

NVD link : CVE-2003-1487

Mitre link : CVE-2003-1487

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

phorum

phorum

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/archive/1/321310", "name": "20030513 Phorum Vulnerabilities", "tags": [], "refsource": "BUGTRAQ"}, {"url": "http://www.securityfocus.com/bid/7574", "name": "7574", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/7578", "name": "7578", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://www.securityfocus.com/bid/7579", "name": "7579", "tags": ["Patch"], "refsource": "BID"}, {"url": "http://securityreason.com/securityalert/3288", "name": "3288", "tags": [], "refsource": "SREASON"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/12500", "name": "phorum-command-execution(12500)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple \"command injection\" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2003-1487", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "severity": "HIGH", "impactScore": 10.0, "obtainAllPrivilege": true, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2003-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-29T01:29Z"}

10.0 /10