CVE-2000-1228

Phorum 3.0.7 - Unauthenticated Administrator Password Change via admin.php3


Exploitation Summary

EIP tracks 1 public exploit for CVE-2000-1228. PoCs published by Max Vision.

AI-analyzed exploit summary: This exploit leverages an authentication bypass vulnerability in Phorum by sending a crafted URL to change the admin password without verification. It then abuses the 'default .langfile name' setting to read arbitrary files, such as /etc/passwd.

Description

Phorum 3.0.7 allows remote attackers to change the administrator password without authentication via an HTTP request for admin.php3 that sets step, option, confirm and newPssword variables.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Max Vision · text · webapps · php
https://www.exploit-db.com/exploits/20586

Classification: Working PoC 90%
Attack Type: Auth Bypass
Complexity: Trivial
Reliability: Reliable
Target: Phorum (version not specified)
No auth needed
Prerequisites: Access to the admin.php3 script
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Exploit, Patch vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/2271
Exploit, Patch, Vendor Advisory mailing-list x_refsource_bugtraq
http://cert.uni-stuttgart.de/archive/bugtraq/2000/01/msg00215.html
Various Sources x_refsource_misc
http://hispahack.ccc.de/mi020.html

Scores

EPSS 0.0246
EPSS Percentile 82.4%

Details

Status published
Products (1)
phorum/phorum 3.0.7
Published Dec 31, 2000
Tracked Since Feb 18, 2026