CVE-2004-2240

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.maxpatrol.com/advdetails.asp?id=15	Exploit Vendor Advisory
http://www.maxpatrol.com/mp_advisory.asp
http://phorum.org/cvs-changelog-5.txt
http://www.securityfocus.com/bid/11538
http://www.osvdb.org/11129	Exploit Patch
http://securitytracker.com/id?1011921	Exploit
http://secunia.com/advisories/12980	Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*

Information

Published : 2004-12-30 21:00

Updated : 2017-07-10 18:31

NVD link : CVE-2004-2240

Mitre link : CVE-2004-2240

JSON object : View

CWE

NVD-CWE-Other

Advertisement

Products Affected

phorum

phorum

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.maxpatrol.com/advdetails.asp?id=15", "name": "http://www.maxpatrol.com/advdetails.asp?id=15", "tags": ["Exploit", "Vendor Advisory"], "refsource": "MISC"}, {"url": "http://www.maxpatrol.com/mp_advisory.asp", "name": "http://www.maxpatrol.com/mp_advisory.asp", "tags": [], "refsource": "MISC"}, {"url": "http://phorum.org/cvs-changelog-5.txt", "name": "http://phorum.org/cvs-changelog-5.txt", "tags": [], "refsource": "CONFIRM"}, {"url": "http://www.securityfocus.com/bid/11538", "name": "11538", "tags": [], "refsource": "BID"}, {"url": "http://www.osvdb.org/11129", "name": "11129", "tags": ["Exploit", "Patch"], "refsource": "OSVDB"}, {"url": "http://securitytracker.com/id?1011921", "name": "1011921", "tags": ["Exploit"], "refsource": "SECTRACK"}, {"url": "http://secunia.com/advisories/12980", "name": "12980", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17847", "name": "phorum-sql-injection(17847)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2004-2240", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2004-12-31T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-07-11T01:31Z"}