Short Name |
HTTP:PHP:PHORUM:READ-ACCESS |
---|---|
Severity |
Major |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Phorum Read Access |
Release Date |
2003/04/22 |
Update Number |
1213 |
Supported Platforms |
idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects access to the vulnerable read.php3 script installed with Phorum. Because the script does not validate input, attackers can execute arbitrary SQL statements to modify the database contents, insert new entries, create and drop tables, etc.
By sending a specially-crafted URL request, an attacker could execute arbitrary SQL commands on the server.