PT-2004-3138 · Phorum · Phorum

Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-2243

CVSS v2.0: 7.5 High

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Phorum version 4.3.7

Description
The issue allows remote attackers to hijack sessions of other users by stealing and replaying the session hash in the phorum_uriauth parameter. This can be demonstrated using the "profile.php" endpoint.

Recommendations
For version 4.3.7, consider restricting access to the phorum_uriauth parameter to minimize the risk of session hijacking until a patch is available.
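
A detection sketch for the replay described above, added here as an example and not taken from the advisory or from Phorum: it scans web server access logs for a session hash in the URL that is used from more than one client address. The Combined Log Format, the parameter spelling phorum_uriauth, the /phorum/ path prefix and all sample log lines are assumptions or constructed values.

```python
import hashlib
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Combined Log Format (assumed): ip ident user [time] "METHOD target PROTO" status size "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)
PARAM = "phorum_uriauth"  # URL parameter carrying the session hash


def fingerprint(token):
    """Short SHA-256 fingerprint, so reports never reproduce a live session hash."""
    return hashlib.sha256(token.encode()).hexdigest()[:12]


def find_replayed_tokens(lines, param=PARAM):
    """Return {token fingerprint: sorted client IPs} for tokens seen from more than one IP."""
    seen = defaultdict(set)
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # ignore malformed or truncated log lines
        query = urlsplit(m.group("target")).query
        for token in parse_qs(query).get(param, []):
            seen[fingerprint(token)].add(m.group("ip"))
    return {fp: sorted(ips) for fp, ips in seen.items() if len(ips) > 1}


# Constructed sample log lines (documentation IP ranges, made-up token values).
SAMPLE_LOG = [
    '192.0.2.10 - - [31/Dec/2004:10:00:00 +0000] "GET /phorum/profile.php?f=1&id=5'
    '&phorum_uriauth=constructed-token-A HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    '198.51.100.7 - - [31/Dec/2004:10:01:12 +0000] "GET /phorum/profile.php?f=1&id=9'
    '&phorum_uriauth=constructed-token-B HTTP/1.0" 200 4980 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [31/Dec/2004:10:03:40 +0000] "GET /phorum/profile.php?f=1&id=5'
    '&phorum_uriauth=constructed-token-A HTTP/1.0" 200 5120 "-" "Opera/7.5"',
    '198.51.100.7 - - [31/Dec/2004:10:04:02 +0000] "GET /phorum/index.php HTTP/1.0" 200 812 "-" "Mozilla/4.0"',
    'this line is not a valid log entry',
]

if __name__ == "__main__":
    for fp, ips in find_replayed_tokens(SAMPLE_LOG).items():
        print(f"token {fp} used from {len(ips)} addresses: {', '.join(ips)}")
```

A hit is a lead, not proof of hijacking: a legitimate user whose address changes mid-session produces the same pattern, so correlate with user agent and timing before acting.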


Related Identifiers

CVE-2004-2243

Affected Products

Phorum