Marc Bromm

Name of the Vulnerable Software and Affected Versions: phpforum versions 2 RC-1 and earlier Description: The issue allows remote attackers to execute arbitrary PHP code by modifying the `MAIN PATH` parameter to reference a URL on a remote web server that contains the code. Recommendations: For phpforum versions 2 RC-1 and earlier, consider restricting access to the `mainfile.php` script until a patch is available. As a temporary workaround, avoid using the `MAIN PATH` parameter to reference external URLs.