Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2006-3053
Last Modified: 05 Sep 2008 05:06:07
Published: 16 Jun 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2006-3053

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor.

Vulnerable Systems

Application

  • Phorum 3.1

  • Phorum 3.1.1

  • Phorum 3.1.1 Pre

  • Phorum 3.1.1 Rc2

  • Phorum 3.1.1a

  • Phorum 3.1.2

  • Phorum 3.2

  • Phorum 3.2.2

  • Phorum 3.2.3

  • Phorum 3.2.3a

  • Phorum 3.2.3b

  • Phorum 3.2.4

  • Phorum 3.2.5

  • Phorum 3.2.6

  • Phorum 3.2.7

  • Phorum 3.2.8

  • Phorum 3.3.1

  • Phorum 3.3.1a

  • Phorum 3.3.2

  • Phorum 3.3.2a

  • Phorum 3.3.2b3

  • Phorum 3.4

  • Phorum 3.4.1

  • Phorum 3.4.2

  • Phorum 3.4.3

  • Phorum 3.4.4

  • Phorum 3.4.5

  • Phorum 3.4.6

  • Phorum 3.4.7

  • Phorum 3.4.8

  • Phorum 3.4.8a

  • Phorum 5.0.10

  • Phorum 5.0.11

  • Phorum 5.0.12

  • Phorum 5.0.13

  • Phorum 5.0.14

  • Phorum 5.0.15a

  • Phorum 5.0.16

  • Phorum 5.0.17a

  • Phorum 5.0.18

  • Phorum 5.0.3 Beta

  • Phorum 5.0.7 Beta

  • Phorum 5.0.9

  • Phorum 5.1.13


References

XF - phorum-common-file-include(27064)

BID - 16977

BUGTRAQ - 20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.

BUGTRAQ - 20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.

SREASON - 1103


Last Updated: 27 May 2016 10:42:52