← back
CVE-2000-1228

CVE-2000-1228

EPSS 2.5%
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/20586unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.htmlhttp://hispahack.ccc.de/mi020.htmlhttp://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htmhttp://www.securityfocus.com/bid/2271