CVE-2000-1228

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html	Exploit Patch Vendor Advisory
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://www.securityfocus.com/bid/2271	Exploit Patch
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html	Exploit Patch Vendor Advisory
http://hispahack.ccc.de/mi020.html
http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm
http://www.securityfocus.com/bid/2271	Exploit Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2000-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2000-1228

Mitre link : CVE-2000-1228

CVE.ORG link : CVE-2000-1228

JSON object : View

Products Affected

phorum

phorum

CWE

NVD-CWE-Other

{"id": "CVE-2000-1228", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2000-12-31T05:00:00.000", "references": [{"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://hispahack.ccc.de/mi020.html", "source": "cve@mitre.org"}, {"url": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/2271", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html", "tags": ["Exploit", "Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://hispahack.ccc.de/mi020.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/2271", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phorum:phorum:3.0.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "740F974F-D679-472C-966A-3E4C334E3C0A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}