PT-2006-4600 · Mail2Forum · Mail2Forum

Olibekas

Published

2006-07-19

Updated

2017-10-19

CVE-2006-3735

CVSS v2.0

5.1

Medium

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mail2Forum versions 1.2 and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the m2f root path parameter to various PHP files, including "m2f/m2f phpbb204.php", "m2f/m2f forum.php", "m2f/m2f mailinglist.php", and "m2f/m2f cron.php".

Recommendations For Mail2Forum versions 1.2 and earlier, consider disabling the m2f root path parameter until a patch is available to prevent remote file inclusion attacks. Restrict access to the affected PHP files to minimize the risk of exploitation. Avoid using the m2f root path parameter in the affected API endpoints until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3735

Affected Products

Mail2Forum

PT-2006-4600 · Mail2Forum · Mail2Forum

CVE-2006-3735

Related Identifiers

Affected Products

References · 10