Vulnerability Description
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phorum | Phorum | <= 5.1.13 |
References
- http://securityreason.com/securityalert/1103
- http://www.securityfocus.com/archive/1/436863/100/0/threaded
- http://www.securityfocus.com/archive/1/437988/100/0/threaded
- http://www.securityfocus.com/bid/16977 (Exploit)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
FAQ
What is CVE-2006-3053?
CVE-2006-3053 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue...
How severe is CVE-2006-3053?
CVE-2006-3053 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-3053?
Check the references section above for vendor advisories and patch information. Affected products include: Phorum Phorum.