CVE-2006-6550

Phorum <= 3.2.11 - Remote File Inclusion via db_file Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2006-6550. PoCs published by Mr-m07.

AI-analyzed exploit summary This is a writeup describing a file inclusion vulnerability in Phorum v3.2.11. The exploit leverages an insecure parameter in common.php to include arbitrary files, potentially leading to remote code execution.

Description

PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before use

Exploits (1)

exploitdb WRITEUP VERIFIED

by Mr-m07 · textwebappsphp

https://www.exploit-db.com/exploits/2894

View Code ZIP pw:eip

This is a writeup describing a file inclusion vulnerability in Phorum v3.2.11. The exploit leverages an insecure parameter in common.php to include arbitrary files, potentially leading to remote code execution.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Phorum v3.2.11

No auth needed

Prerequisites: Access to the common.php file via HTTP

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/30741

Exploit, Third Party Advisory exploit x_refsource_exploit-db

https://www.exploit-db.com/exploits/2894

Scores

EPSS 0.0210

EPSS Percentile 79.3%

Details

Status published

Products (1)

phorum/phorum 3.2.11

Published Dec 14, 2006

Tracked Since Feb 18, 2026