Vulnerabilities > CVE-2006-3053 - Unspecified vulnerability in Phorum
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phorum
exploit available
Summary
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor
Vulnerable Configurations
Exploit-Db
| description | PHORUM 3.x/5.x Common.PHP Remote File Include Vulnerability. CVE-2006-3053. Webapps exploit for php platform |
| id | EDB-ID:27363 |
| last seen | 2016-02-03 |
| modified | 2006-03-06 |
| published | 2006-03-06 |
| reporter | ERNE |
| source | https://www.exploit-db.com/download/27363/ |
| title | PHORUM 3.x/5.x Common.PHP Remote File Include Vulnerability |
References
- http://securityreason.com/securityalert/1103
- http://securityreason.com/securityalert/1103
- http://www.securityfocus.com/archive/1/436863/100/0/threaded
- http://www.securityfocus.com/archive/1/436863/100/0/threaded
- http://www.securityfocus.com/archive/1/437988/100/0/threaded
- http://www.securityfocus.com/archive/1/437988/100/0/threaded
- http://www.securityfocus.com/bid/16977
- http://www.securityfocus.com/bid/16977
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27064