Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2006-3053

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Published

2006-06-16T10:02:00.000

Last Modified

2025-04-03T01:03:51.193

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

6.4

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	phorum	phorum	≤ 5.1.13	Yes
Application	phorum	phorum	3.1	Yes
Application	phorum	phorum	3.1.1	Yes
Application	phorum	phorum	3.1.1_pre	Yes
Application	phorum	phorum	3.1.1_rc2	Yes
Application	phorum	phorum	3.1.1a	Yes
Application	phorum	phorum	3.1.2	Yes
Application	phorum	phorum	3.2	Yes
Application	phorum	phorum	3.2.2	Yes
Application	phorum	phorum	3.2.3	Yes
Application	phorum	phorum	3.2.3a	Yes
Application	phorum	phorum	3.2.3b	Yes
Application	phorum	phorum	3.2.4	Yes
Application	phorum	phorum	3.2.5	Yes
Application	phorum	phorum	3.2.6	Yes
Application	phorum	phorum	3.2.7	Yes
Application	phorum	phorum	3.2.8	Yes
Application	phorum	phorum	3.3.1	Yes
Application	phorum	phorum	3.3.1a	Yes
Application	phorum	phorum	3.3.2	Yes
Application	phorum	phorum	3.3.2a	Yes
Application	phorum	phorum	3.3.2b3	Yes
Application	phorum	phorum	3.4	Yes
Application	phorum	phorum	3.4.1	Yes
Application	phorum	phorum	3.4.2	Yes
Application	phorum	phorum	3.4.3	Yes
Application	phorum	phorum	3.4.4	Yes
Application	phorum	phorum	3.4.5	Yes
Application	phorum	phorum	3.4.6	Yes
Application	phorum	phorum	3.4.7	Yes
Application	phorum	phorum	3.4.8	Yes
Application	phorum	phorum	3.4.8a	Yes
Application	phorum	phorum	5.0.3_beta	Yes
Application	phorum	phorum	5.0.7_beta	Yes
Application	phorum	phorum	5.0.9	Yes
Application	phorum	phorum	5.0.10	Yes
Application	phorum	phorum	5.0.11	Yes
Application	phorum	phorum	5.0.12	Yes
Application	phorum	phorum	5.0.13	Yes
Application	phorum	phorum	5.0.14	Yes
Application	phorum	phorum	5.0.15a	Yes
Application	phorum	phorum	5.0.16	Yes
Application	phorum	phorum	5.0.17a	Yes
Application	phorum	phorum	5.0.18	Yes

References

http://securityreason.com/securityalert/1103 ([email protected])
http://www.securityfocus.com/archive/1/436863/100/0/threaded ([email protected])
http://www.securityfocus.com/archive/1/437988/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/16977 Exploit ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/27064 ([email protected])
http://securityreason.com/securityalert/1103 (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/436863/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/437988/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/16977 Exploit (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/27064 (af854a3a-2127-422b-91ae-364da2661108)