Description
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1103
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/16977
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437988/100/0/threaded
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/436863/100/0/threaded
Scores
EPSS
0.0572
EPSS Percentile
90.5%
Details
Status
published
Products (44)
phorum/phorum
3.1
phorum/phorum
3.1.1
phorum/phorum
3.1.1_pre
phorum/phorum
3.1.1_rc2
phorum/phorum
3.1.1a
phorum/phorum
3.1.2
phorum/phorum
3.2
phorum/phorum
3.2.2
phorum/phorum
3.2.3
phorum/phorum
3.2.3a
... and 34 more
Published
Jun 16, 2006
Tracked Since
Feb 18, 2026