PT-2000-2007 · Phorum · Phorum

Published

2000-12-31

Updated

2008-09-05

CVE-2000-1228

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Phorum version 3.0.7

Description The issue allows remote attackers to change the administrator password without authentication. This is achieved by sending an HTTP request for "admin.php3" that sets the step, option, confirm, and newPssword variables.

Recommendations For Phorum version 3.0.7, update to a newer version that contains a fix for this issue, as using the current version allows unauthorized password changes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2000-1228

Affected Products

Phorum

PT-2000-2007 · Phorum · Phorum

CVE-2000-1228

Related Identifiers

Affected Products

References · 7