CVE-2006-3735

Name of the Vulnerable Software and Affected Versions Mail2Forum versions 1.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the m2f root path parameter to various PHP files, including "m2f/m2f phpbb204.php", "m2f/m2f forum.php", "m2f/m2f mailinglist.php", and "m2f/m2f cron.php".

Recommendations For Mail2Forum versions 1.2 and earlier, consider disabling the m2f root path parameter until a patch is available to prevent remote file inclusion attacks. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the m2f root path parameter in the affected API endpoints until the issue is resolved.