Unauthenticated Remote Password Change Vulnerability in Phorum 3.0.7

CVE-2000-1228 · MEDIUM Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.
