Vulnerability Database

290,020

Total vulnerabilities in the database

CVE-2000-1228

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

  • Published: Dec 31, 2000
  • Updated: Apr 13, 2023
  • CVE: CVE-2000-1228
  • Severity: Medium
  • Exploit:

CVSS v2:

  • Severity: Medium
  • Score: 5
  • AV:N/AC:L/Au:N/C:N/I:P/A:N

No CWE or OWASP classifications available.

Software From Fixed in
phorum / phorum 3.0.7 3.0.7.x