CVE-2006-3053

Phorum < 5.1.13 - Remote File Inclusion via PHORUM[http_path] Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-3053. PoCs published by ERNE.

AI-analyzed exploit summary The code describes a remote file inclusion vulnerability in PHORUM due to improper input sanitization in 'common.php'. The vulnerability allows arbitrary remote file inclusion via the 'PHORUM[http_path]' parameter, but the vendor claims it is not exploitable due to security restrictions.

Description

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Exploits (1)

exploitdb WRITEUP VERIFIED
by ERNE · textwebappsphp
https://www.exploit-db.com/exploits/27363

The code describes a remote file inclusion vulnerability in PHORUM due to improper input sanitization in 'common.php'. The vulnerability allows arbitrary remote file inclusion via the 'PHORUM[http_path]' parameter, but the vendor claims it is not exploitable due to security restrictions.

Classification
Writeup 90%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: PHORUM 5.1.13 and prior
No auth needed
Prerequisites: Access to the target PHORUM installation · Ability to host malicious PHP code on a remote server
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Third Party Advisory third-party-advisory x_refsource_sreason
http://securityreason.com/securityalert/1103
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/16977
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/437988/100/0/threaded
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/436863/100/0/threaded

Scores

EPSS 0.0284
EPSS Percentile 84.8%

Details

Status published
Products (44)
phorum/phorum 3.1
phorum/phorum 3.1.1
phorum/phorum 3.1.1_pre
phorum/phorum 3.1.1_rc2
phorum/phorum 3.1.1a
phorum/phorum 3.1.2
phorum/phorum 3.2
phorum/phorum 3.2.2
phorum/phorum 3.2.3
phorum/phorum 3.2.3a
... and 34 more
Published Jun 16, 2006
Tracked Since Feb 18, 2026