CVE-2003-1487

critical

Description

Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/12500

http://www.securityfocus.com/bid/7579

http://www.securityfocus.com/bid/7578

http://www.securityfocus.com/bid/7574

http://www.securityfocus.com/archive/1/321310

http://securityreason.com/securityalert/3288

Details

Source: Mitre, NVD

Published: 2003-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.08931