Strix
26.1K

CVE-2002-0764

UnknownEPSS 38.30%

Last modified

CVE-2002-0764 is a vulnerability of currently unknown severity. Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.. EPSS estimates a 38.30% chance of exploitation in the next 30 days.

Description

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

Metrics

EPSS Probability
38.30%

98.4th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
PhorumPhorum3.3.2a

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2002-0764?
Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.
How severe is CVE-2002-0764?
Severity scoring for CVE-2002-0764 is pending analysis. The EPSS model estimates a 38.30% probability of exploitation in the next 30 days.
How do I fix CVE-2002-0764?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2002-0764?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST