Vulnerability Description
Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phorum | Phorum | 3.4 |
Related Weaknesses (CWE)
References
- http://securityreason.com/securityalert/3288
- http://www.securityfocus.com/archive/1/321310
- http://www.securityfocus.com/bid/7574Patch
- http://www.securityfocus.com/bid/7578Patch
- http://www.securityfocus.com/bid/7579Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
- http://securityreason.com/securityalert/3288
- http://www.securityfocus.com/archive/1/321310
- http://www.securityfocus.com/bid/7574Patch
- http://www.securityfocus.com/bid/7578Patch
- http://www.securityfocus.com/bid/7579Patch
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
FAQ
What is CVE-2003-1487?
CVE-2003-1487 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (...
How severe is CVE-2003-1487?
CVE-2003-1487 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2003-1487?
Check the references section above for vendor advisories and patch information. Affected products include: Phorum Phorum.