CVE-2006-3611 Information
Feb 14, 2021
cve
Description
Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter as demonstrated by injecting PHP sequences into a log file which is then included by pm.php.
Reference
http://retrogod.altervista.org/phorum5_local_incl_xpl.html http://www.phorum.org/phorum5/read.php?14114358 http://www.securityfocus.com/archive/1/439976/100/0/threaded http://www.vupen.com/english/advisories/2006/2794
Share on: