I have a security issue in phoroum 3.1

Deevfearictye:mentHigh
CVSS Score: 7.8
URL: [192.168.7.13]
Entity: upgrade.php3 (Page)
Risk: It is possible to prevent the web application from serving other users (denial of service)
Causes: Latest patches or hotfixes for 3rd. party products were not installed
Fix: Upgrade to Phorum 3.2.11 or above
Difference: Path manipulated from:
/Sitefinity/Administration/Settings/Basic/General/admin/admin.asp to:
/Sitefinity/Administration/Settings/Basic/General/admin/upgrade.php3
Reasoning: AppScan requested a file which is probably not a legitimate part of the application. The
response status was 200 OK. This indicates that the test succeeded in retrieving the
content of the requested file.

Question: How I can fix this by Upgrading to phorum 3.2.11 in sitefininty.

Hi dpuogilvyone,

you can get the latest Phorum 3 version (3.4.8a) here:
[www.phorum.org]

But I think you should move to Phorum 5.2.20!

Regards
Oliver

---

Using Phorum since 7/2000: forum.langzeittest.de (actual version 5.2.23)
Modules "Made in Germany" for version 5.2: Author_as_Sender, CarCost, Close_Topic, Conceal_Message_Timestamp,
Format_Email, Index_Structure, Mailing_List, Pervasive_Forum, Spritmonitor, Terms_of_Service and German_Language_Files_Package.