JVNDB-2011-000068

[Japanese]
JVNDB-2011-000068
Multiple vulnerabilities in Phorum
Overview
Phorum contains multiple vulnerabilities. Phorum is a message board software. Phorum contains cross-site request forgery and cross-site scripting vulnerabilities. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership.
CVSS Severity (What is CVSS?)
CVSS V2 Severity: Base Metrics 2.6 (Low) [IPA Score] Access Vector: Network Access Complexity: High Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None
Affected Products

Phorum Phorum versions prior to 5.2.16

Impact
An arbitrary file may be uploaded or an arbitrary script may be executed on the web browser of a user that is logged in.
Solution
[Update the software] Update to the latest version according to the information provided by the developer.
Vendor Information
Phorum Phorum : Phorum, The Original PHP and MySQL Forum Software
CWE (What is CWE?)
Cross-Site Request Forgery(CWE-352) [IPA Evaluation] Cross-site Scripting(CWE-79) [IPA Evaluation]
CVE (What is CVE?)
CVE-2011-3381 CVE-2011-3382
References
JVN : JVN#71435255 National Vulnerability Database (NVD) : CVE-2011-3381 National Vulnerability Database (NVD) : CVE-2011-3382
Revision History
[2011/09/02] Web page published

Multiple vulnerabilities in Phorum