Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Phorum admin.php3 Unauthenticated Administrator Password Change Vulnerability
Vulnerability Description
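Phorum is an open-source forum application based on PHP and MySQL, developed by the Phorum team. Phorum has an issue that allows remote attackers to access local system files. The admin.php3 script is used to secure and administer the forums that have been created. It is password protected, but a vulnerability allows the administrator password to be changed without access rights. Once access to the administrative functions has been obtained, it is possible to open the "Master Setting" function and enter the local system file to be accessed in the "default .langfile name" input box; after the admin.php3 page is reloaded, the contents of that file can be viewed.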
CVSS Information
N/A
Vulnerability Type
N/A