CVE-2002-0764

Name of the Vulnerable Software and Affected Versions: Phorum version 3.3.2a

Description: The issue allows remote attackers to execute arbitrary commands by sending an HTTP request to specific API endpoints, such as "plugin.php", "admin.php", or "del.php", and modifying the PHORUM[settings dir] variable to point to a directory containing a PHP file with the commands.

Recommendations: For Phorum version 3.3.2a, as a temporary workaround, consider restricting access to the "plugin.php", "admin.php", and "del.php" endpoints until a patch is available. Additionally, restrict modifications to the PHORUM[settings dir] variable to prevent attackers from pointing to malicious PHP files.