CVE-2000-1229

Published: Dec 31, 2000Modified: Apr 16, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum administrators to read arbitrary files via ".." (dot dot) sequences in the default .langfile name field in the Master Settings administrative function, which causes the file to be displayed in admin.php3.

Affected (1)

Products: Phorum: Phorum

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phorum Phorum	Version 3.0.7

References (6)

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html

Source: cve@mitre.org

ExploitPatchVendor Advisory

http://hispahack.ccc.de/mi020.html

Source: cve@mitre.org

http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm

Source: cve@mitre.org

http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatchVendor Advisory

http://hispahack.ccc.de/mi020.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.digitalsec.net/stuff/z-mirrors/hispahack/mi020.htm

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.