CVE-2006-3053

Опубликовано: 16 июн. 2006

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*

Версия до 5.1.13 (включая)

cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*

cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*

EPSS

Процентиль: 90%

0.05721

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-8xpf-4773-x7fx

github

почти 4 года назад

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor.