CVE-2006-1994 Information

Description

PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php (2) admin.php (3) anmelden.php (4) losethread.php (5) config.php (6) delpost.php (7) delthread.php (8) dfcode.php (9) download.php (10) editanoc.php (11) forum.php (12) login.php (13) makethread.php (14) menu.php (15) newthread.php (16) openthread.php (17) overview.php (18) post.php (19) suchen.php (20) user.php (21) userconfig.php (22) userinfo.php and (23) verwalten.php.

Reference

http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html http://secunia.com/advisories/19788 http://www.nukedx.com/?viewdoc=27 http://www.securityfocus.com/archive/1/431758 http://www.securityfocus.com/bid/17650 http://www.vupen.com/english/advisories/2006/1482 https://exchange.xforce.ibmcloud.com/vulnerabilities/26035