CVE-2006-3053

Published: Jun 16, 2006Modified: Apr 16, 2026

7.5

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability: 10.0 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Affected (44)

Products: Phorum: Phorum

Phorum

1 product

Phorum

Configuration A

44 vulnerable

Vulnerable Software	Affected Versions
Phorum Phorum	Up to 5.1.13
Phorum Phorum	Version 3.1.1
Phorum Phorum	Version 3.1.1_pre
Phorum Phorum	Version 3.1.1_rc2
Phorum Phorum	Version 3.1.1a
Phorum Phorum	Version 3.1.2
Phorum Phorum	Version 3.1
Phorum Phorum	Version 3.2.2
Phorum Phorum	Version 3.2.3
Phorum Phorum	Version 3.2.3a
Phorum Phorum	Version 3.2.3b
Phorum Phorum	Version 3.2.4
Phorum Phorum	Version 3.2.5
Phorum Phorum	Version 3.2.6
Phorum Phorum	Version 3.2.7
Phorum Phorum	Version 3.2.8
Phorum Phorum	Version 3.2
Phorum Phorum	Version 3.3.1
Phorum Phorum	Version 3.3.1a
Phorum Phorum	Version 3.3.2
Phorum Phorum	Version 3.3.2a
Phorum Phorum	Version 3.3.2b3
Phorum Phorum	Version 3.4.1
Phorum Phorum	Version 3.4.2
Phorum Phorum	Version 3.4.3
Phorum Phorum	Version 3.4.4
Phorum Phorum	Version 3.4.5
Phorum Phorum	Version 3.4.6
Phorum Phorum	Version 3.4.7
Phorum Phorum	Version 3.4.8
Phorum Phorum	Version 3.4.8a
Phorum Phorum	Version 3.4
Phorum Phorum	Version 5.0.10
Phorum Phorum	Version 5.0.11
Phorum Phorum	Version 5.0.12
Phorum Phorum	Version 5.0.13
Phorum Phorum	Version 5.0.14
Phorum Phorum	Version 5.0.15a
Phorum Phorum	Version 5.0.16
Phorum Phorum	Version 5.0.17a
Phorum Phorum	Version 5.0.18
Phorum Phorum	Version 5.0.3_beta
Phorum Phorum	Version 5.0.7_beta
Phorum Phorum	Version 5.0.9