CVE-2003-1487 Information

Description

Multiple \command injection\ vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program (2) Edit user profile or (3) stats program.

Reference

http://securityreason.com/securityalert/3288 http://www.securityfocus.com/archive/1/321310 http://www.securityfocus.com/bid/7574 http://www.securityfocus.com/bid/7578 http://www.securityfocus.com/bid/7579 https://exchange.xforce.ibmcloud.com/vulnerabilities/12500