CVE-2003-1406

D-Forum 1.00-1.11 - Remote Code Execution via my_header or my_footer Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2003-1406. PoCs published by frog.

AI-analyzed exploit summary The exploit describes a remote file inclusion vulnerability in D-Forum's header.php3 and footer.php3 scripts, allowing attackers to include remote files via URI parameter manipulation.

Description

PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 allows remote attackers to execute arbitrary PHP code via a URL in the (1) my_header parameter to header.php3 or (2) my_footer parameter to footer.php3.

Exploits (2)

exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/22256

The exploit describes a remote file inclusion vulnerability in D-Forum's header.php3 and footer.php3 scripts, allowing attackers to include remote files via URI parameter manipulation.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: D-Forum (version not specified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled server to host malicious file
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by frog · textwebappsphp
https://www.exploit-db.com/exploits/22257

The exploit describes a remote file inclusion vulnerability in D-Forum's header.php3 and footer.php3 scripts. Attackers can manipulate URI parameters to include remote files, potentially leading to arbitrary code execution.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: D-Forum (version not specified)
No auth needed
Prerequisites: Remote file inclusion must be enabled on the server · Attacker-controlled server to host malicious script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit mailing-list x_refsource_vulnwatch
http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0072.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/6879
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/11342

Scores

EPSS 0.0253
EPSS Percentile 82.9%

Details

CWE
CWE-94
Status published
Products (3)
adalis_infomatique/d_forum 1.0
adalis_infomatique/d_forum 1.10
adalis_infomatique/d_forum 1.11
Published Dec 31, 2003
Tracked Since Feb 18, 2026