CVE

CVE-2007-2338

Date: (C)2007-04-27   (M)2023-12-22

Cross-site request forgery (CSRF) vulnerability in include/admin/banlist.php in Phorum before 5.1.22 allows remote attackers to perform unauthorized banlist deletions as an administrator via the delete parameter.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 7.5
Exploit Score: 10.0
Impact Score: 6.4
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Reference:

SECTRACK-1017936

http://www.securityfocus.com/archive/1/466286/100/0/threaded

BID-23616

SECUNIA-24932

SREASON-2617

OSVDB-35061

ADV-2007-1479

http://www.phorum.org/story.php?76

http://www.waraxe.us/advisory-49.html

phorum-banlist-csrf(34078)