Exploitation Summary
EIP tracks 1 public exploit for CVE-2007-2249. PoCs published by Janek Vind.
AI-analyzed exploit summary
The writeup describes a privilege escalation vulnerability in Phorum 5.1.20 due to insufficient input validation and uninitialized variables, allowing a moderator to escalate privileges to admin by manipulating the `user_ids` parameter.
Description
include/controlcenter/users.php in Phorum before 5.1.22 allows remote authenticated moderators to gain privileges via a modified (1) user_ids POST parameter or (2) userdata array.