Vulnerabilities > CVE-2006-3611 - Unspecified vulnerability in Phorum

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
phorum
exploit available

Summary

Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.

Vulnerable Configurations

Part Description Count
Application
Phorum
88

Exploit-Db

descriptionPhorum 5 (pm.php) Arbitrary Local Inclusion Exploit. CVE-2006-3611. Webapps exploit for php platform
idEDB-ID:2008
last seen2016-01-31
modified2006-07-13
published2006-07-13
reporterrgod
sourcehttps://www.exploit-db.com/download/2008/
titlePhorum 5 pm.php Arbitrary Local Inclusion Exploit