CVE-2004-2240

Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980	Vendor Advisory
http://securitytracker.com/id?1011921	Exploit
http://www.maxpatrol.com/advdetails.asp?id=15	Exploit Vendor Advisory
http://www.maxpatrol.com/mp_advisory.asp
http://www.osvdb.org/11129	Exploit Patch
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847
http://phorum.org/cvs-changelog-5.txt
http://secunia.com/advisories/12980	Vendor Advisory
http://securitytracker.com/id?1011921	Exploit
http://www.maxpatrol.com/advdetails.asp?id=15	Exploit Vendor Advisory
http://www.maxpatrol.com/mp_advisory.asp
http://www.osvdb.org/11129	Exploit Patch
http://www.securityfocus.com/bid/11538
https://exchange.xforce.ibmcloud.com/vulnerabilities/17847

Configurations

Configuration 1 (hide)

cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*

History

No history.

Information

Published : 2004-12-31 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-2240

Mitre link : CVE-2004-2240

CVE.ORG link : CVE-2004-2240

JSON object : View

Products Affected

phorum

phorum

CWE

NVD-CWE-Other

{"id": "CVE-2004-2240", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"url": "http://phorum.org/cvs-changelog-5.txt", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/12980", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securitytracker.com/id?1011921", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.maxpatrol.com/advdetails.asp?id=15", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.maxpatrol.com/mp_advisory.asp", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/11129", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/11538", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17847", "source": "cve@mitre.org"}, {"url": "http://phorum.org/cvs-changelog-5.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/12980", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securitytracker.com/id?1011921", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.maxpatrol.com/advdetails.asp?id=15", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.maxpatrol.com/mp_advisory.asp", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/11129", "tags": ["Exploit", "Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/11538", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17847", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier allow remote attackers to modify SQL statements via (1) the query string in read.php or (2) unknown vectors in file.php."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}