Vulnerability Description
PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phorum | Phorum | 3.2.11 |
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30741
- https://www.exploit-db.com/exploits/2894
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30741
- https://www.exploit-db.com/exploits/2894
FAQ
What is CVE-2006-6550?
CVE-2006-6550 is a vulnerability with a CVSS score of 7.5 (HIGH). PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vu...
How severe is CVE-2006-6550?
CVE-2006-6550 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-6550?
Check the references section above for vendor advisories and patch information. Affected products include: Phorum Phorum.