CVE-2000-1228

Published: Dec 31, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

Affected (1)

Products: Phorum: Phorum

Phorum

1 product

Phorum

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phorum Phorum	Version 3.0.7

References (8)

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://hispahack.ccc.de/mi020.html

Source: cve@mitre.org

http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm

Source: cve@mitre.org

http://www.securityfocus.com/bid/2271

Source: cve@mitre.org

ExploitPatch

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://hispahack.ccc.de/mi020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/2271

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

Timeline

No history available yet.