cbcvebase.
CVE-2006-3053
published 2006-06-16

CVE-2006-3053: PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the…

PriorityP338high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
2.83%
84.9th percentile
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Affected

44 ranges· showing 25
VendorProductVersion rangeFixed in
phorumphorum<= 5.1.13
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
phorumphorum
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.