Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL network
low complexity
dforum
exploit available
Published: 2006-04-25
Updated: 2017-07-20
Summary
PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.
Vulnerable Configurations
Part | Description | Count |
Application | Dforum | 1 |
Exploit-Db
description | dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusions. CVE-2006-1994. Webapps exploit for php platform |
id | EDB-ID:1706 |
last seen | 2016-01-31 |
modified | 2006-04-21 |
published | 2006-04-21 |
reporter | nukedx |
source | https://www.exploit-db.com/download/1706/ |
title | dForum <= 1.5 DFORUM_PATH Multiple Remote File Inclusions |