Vulnerabilities > CVE-2006-3611 - Unspecified vulnerability in Phorum
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN phorum
exploit available
Summary
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.
Vulnerable Configurations
Exploit-Db
description | Phorum 5 (pm.php) Arbitrary Local Inclusion Exploit. CVE-2006-3611. Webapps exploit for php platform |
id | EDB-ID:2008 |
last seen | 2016-01-31 |
modified | 2006-07-13 |
published | 2006-07-13 |
reporter | rgod |
source | https://www.exploit-db.com/download/2008/ |
title | Phorum 5 pm.php Arbitrary Local Inclusion Exploit |