cbcvebase.
CVE-2006-3735
published 2006-07-21

CVE-2006-3735: Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a…

PriorityP340medium5.1CVSS 2.0
AVNACHAuNCPIPAP
EXPLOIT
EPSS
9.19%
94.7th percentile
Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php.

Affected

1 ranges
VendorProductVersion rangeFixed in
mail2forummail2forum<= 1.2

CVSS provenance

nvdv2.05.1MEDIUMAV:N/AC:H/Au:N/C:P/I:P/A:P
vendor_redhat5.3MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.