PT-2006-4490 · Phorum · Phorum
Published
2006-07-14
·
Updated
2011-03-08
·
CVE-2006-3615
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Phorum version 5.1.14
Description
The issue allows remote attackers to execute arbitrary PHP code via unspecified vectors related to an uninitialized variable when register globals is enabled.
Recommendations
For Phorum version 5.1.14, disable the register globals setting to prevent exploitation. Consider upgrading to a version where this issue is fixed, if available. As a temporary workaround, consider restricting access to sensitive PHP files to minimize the risk of arbitrary code execution.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phorum