Unrated severityNVD Advisory· Published Apr 27, 2007· Updated Apr 23, 2026

CVE-2007-2339

Description

Multiple SQL injection vulnerabilities in Phorum before 5.1.22 allow remote attackers to execute arbitrary SQL commands via (1) a modified recipients parameter name in (a) pm.php; (2) the curr parameter to the (b) badwords (aka censorlist) or (c) banlist module in admin.php; or (3) the "Edit groups / Add group" field in the (d) groups module in admin.php.

Affected products

Phorum/Phorum
cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*
Range: <=5.1.20

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/24932nvdPatchVendor Advisory
securitytracker.com/idnvdExploit
www.securityfocus.com/bid/23616nvdExploitPatch
www.waraxe.us/advisory-49.htmlnvdExploitVendor Advisory
osvdb.org/35062nvd
osvdb.org/35063nvd
osvdb.org/35064nvd
securityreason.com/securityalert/2617nvd
www.phorum.org/story.phpnvd
www.securityfocus.com/archive/1/466286/100/0/threadednvd
www.vupen.com/english/advisories/2007/1479nvd
exchange.xforce.ibmcloud.com/vulnerabilities/34081nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.003
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000