CVE-2006-3611

EIP tracks 1 public exploit for CVE-2006-3611. PoCs published by rgod.

AI-analyzed exploit summary This exploit targets a local file inclusion vulnerability in Phorum 5, allowing arbitrary command execution via log poisoning. It requires authentication and specific PHP configurations (register_globals=On, magic_quotes_gpc=Off).

Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php.