cvelistv5 - cve-2006-3053

cve-2006-3053

Vulnerability from cvelistv5

Published

2006-06-16 10:00

Modified

2024-08-07 18:16

Severity ?

Summary

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

References

URL	Tags
cve@mitre.org	http://securityreason.com/securityalert/1103
cve@mitre.org	http://www.securityfocus.com/archive/1/436863/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/437988/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16977	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1103
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436863/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/437988/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16977	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27064

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T18:16:05.376Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "1103",
            "tags": [
              "third-party-advisory",
              "x_refsource_SREASON",
              "x_transferred"
            ],
            "url": "http://securityreason.com/securityalert/1103"
          },
          {
            "name": "16977",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/16977"
          },
          {
            "name": "phorum-common-file-include(27064)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
          },
          {
            "name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
          },
          {
            "name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2006-06-11T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor"
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-18T14:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "1103",
          "tags": [
            "third-party-advisory",
            "x_refsource_SREASON"
          ],
          "url": "http://securityreason.com/securityalert/1103"
        },
        {
          "name": "16977",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/16977"
        },
        {
          "name": "phorum-common-file-include(27064)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
        },
        {
          "name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
        },
        {
          "name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
        }
      ],
      "tags": [
        "disputed"
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2006-3053",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "** DISPUTED **  PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "1103",
              "refsource": "SREASON",
              "url": "http://securityreason.com/securityalert/1103"
            },
            {
              "name": "16977",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/16977"
            },
            {
              "name": "phorum-common-file-include(27064)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
            },
            {
              "name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
            },
            {
              "name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2006-3053",
    "datePublished": "2006-06-16T10:00:00",
    "dateReserved": "2006-06-16T00:00:00",
    "dateUpdated": "2024-08-07T18:16:05.376Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2006-3053\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2006-06-16T10:02:00.000\",\"lastModified\":\"2024-11-21T00:12:42.723\",\"vulnStatus\":\"Modified\",\"cveTags\":[{\"sourceIdentifier\":\"cve@mitre.org\",\"tags\":[\"disputed\"]}],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \\\"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\\\"  CVE analysis concurs with the vendor\"},{\"lang\":\"es\",\"value\":\"** EN DISPUTA ** PHP vulnerabilidad de inclusi\u00f3n de archivo remoto en common.php en Phorum v5.1.13 y anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro Phorum [http_path]. NOTA: este problema ha sido discutido por el vendedor, quien afirma que \\\"common.php se comprueba en la primera l\u00ednea de c\u00f3digo no comment-que no se est\u00e1 llamando directamente Ha sido as\u00ed en todas las versiones 5.x de Phorum.\\\" CVE an\u00e1lisis coincide con el vendedor.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":true,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"5.1.13\",\"matchCriteriaId\":\"F19AEEA5-7EF8-4D53-828D-A123F310987E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32D7E47E-10F5-4F50-8940-951B2C0011CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16042FAE-7370-425C-8810-4F9363B7CAA4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6247DB0C-37B6-44EF-8B92-8CFCDA537039\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C46298C-2492-4102-A264-E2A1D45AD423\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"17E1044B-2101-4719-8749-17DD22F46055\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B7E17261-A010-4929-99E5-A2511F205B72\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A461E2EB-9964-44DE-9C25-562D239201F6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2B10230A-7D72-418E-8A29-E9F20762C43A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"368C8142-836A-4FDB-9CD8-385FE06B9A62\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1470761E-DA6E-4D2A-B226-1ED782FB3654\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88BA8736-5998-42E0-81E4-76E3669F8112\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC9811C9-EE92-4115-B81F-7A3030390BD1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5A196AD2-7E48-40F4-923E-437FA76C97D2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"91D147F0-FF83-4FF4-AEF1-71366E874876\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C6D87C46-D9EC-418B-9C8C-71E7149C72D4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C990B390-4768-41B0-BB8B-A56C2524623F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6650BE9D-5F4B-4B22-BD7E-ABCC067D5455\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F67B233-3087-43E6-94F2-5DF39FAA36B7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7725AEF3-1C47-46B4-A35E-97152A84E731\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F3F6C52C-F602-4C2A-8C8F-4A19DA41186F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"45F290E5-6508-4F62-8572-31B33750D341\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D941B5F-B704-4596-8739-BFE34225DBA7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FF13359B-162A-41DF-BB4F-DDD6CA2752F9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7D1AE057-A85C-49D9-981A-3314BD945D08\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A31EA2D-2B01-4928-9B3E-9D666FD2758B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"01CFDB0B-6FBD-49F3-8238-81E92661297E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1655572D-7D56-4D9D-9E0F-A67DF23FC934\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"387E0B83-B240-4922-8C57-CE0CDB000888\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D02321D7-2F3E-40F9-9A76-CFF339C93199\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3B908D49-F64A-488F-95F3-163AB9DAB02D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FF0655C-7C83-4363-A444-993B35D7A7EA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D184385A-763A-4971-8051-20564D020787\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"04B508F8-CFCC-4841-BF70-1ABB28EB1ABC\"}]}]}],\"references\":[{\"url\":\"http://securityreason.com/securityalert/1103\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/436863/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/archive/1/437988/100/0/threaded\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/16977\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27064\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://securityreason.com/securityalert/1103\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/436863/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/archive/1/437988/100/0/threaded\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/16977\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\"]},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/27064\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

fkie_cve-2006-3053

Vulnerability from fkie_nvd

Published

2006-06-16 10:02

Modified

2024-11-21 00:12

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://securityreason.com/securityalert/1103
cve@mitre.org	http://www.securityfocus.com/archive/1/436863/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/archive/1/437988/100/0/threaded
cve@mitre.org	http://www.securityfocus.com/bid/16977	Exploit
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/27064
af854a3a-2127-422b-91ae-364da2661108	http://securityreason.com/securityalert/1103
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/436863/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/437988/100/0/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/16977	Exploit
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/27064

Impacted products

Vendor	Product	Version
phorum	phorum	*
phorum	phorum	3.1
phorum	phorum	3.1.1
phorum	phorum	3.1.1_pre
phorum	phorum	3.1.1_rc2
phorum	phorum	3.1.1a
phorum	phorum	3.1.2
phorum	phorum	3.2
phorum	phorum	3.2.2
phorum	phorum	3.2.3
phorum	phorum	3.2.3a
phorum	phorum	3.2.3b
phorum	phorum	3.2.4
phorum	phorum	3.2.5
phorum	phorum	3.2.6
phorum	phorum	3.2.7
phorum	phorum	3.2.8
phorum	phorum	3.3.1
phorum	phorum	3.3.1a
phorum	phorum	3.3.2
phorum	phorum	3.3.2a
phorum	phorum	3.3.2b3
phorum	phorum	3.4
phorum	phorum	3.4.1
phorum	phorum	3.4.2
phorum	phorum	3.4.3
phorum	phorum	3.4.4
phorum	phorum	3.4.5
phorum	phorum	3.4.6
phorum	phorum	3.4.7
phorum	phorum	3.4.8
phorum	phorum	3.4.8a
phorum	phorum	5.0.3_beta
phorum	phorum	5.0.7_beta
phorum	phorum	5.0.9
phorum	phorum	5.0.10
phorum	phorum	5.0.11
phorum	phorum	5.0.12
phorum	phorum	5.0.13
phorum	phorum	5.0.14
phorum	phorum	5.0.15a
phorum	phorum	5.0.16
phorum	phorum	5.0.17a
phorum	phorum	5.0.18

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "F19AEEA5-7EF8-4D53-828D-A123F310987E",
              "versionEndIncluding": "5.1.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
              "matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
              "matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
              "matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
              "matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
              "matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
              "matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [
    {
      "sourceIdentifier": "cve@mitre.org",
      "tags": [
        "disputed"
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor"
    },
    {
      "lang": "es",
      "value": "** EN DISPUTA ** PHP vulnerabilidad de inclusi\u00f3n de archivo remoto en common.php en Phorum v5.1.13 y anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro Phorum [http_path]. NOTA: este problema ha sido discutido por el vendedor, quien afirma que \"common.php se comprueba en la primera l\u00ednea de c\u00f3digo no comment-que no se est\u00e1 llamando directamente Ha sido as\u00ed en todas las versiones 5.x de Phorum.\" CVE an\u00e1lisis coincide con el vendedor."
    }
  ],
  "id": "CVE-2006-3053",
  "lastModified": "2024-11-21T00:12:42.723",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2006-06-16T10:02:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://securityreason.com/securityalert/1103"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16977"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://securityreason.com/securityalert/1103"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://www.securityfocus.com/bid/16977"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

ghsa-8xpf-4773-x7fx

Vulnerability from github

Published

2022-05-01 07:05

Modified

2022-05-01 07:05

Details

** DISPUTED ** PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor.

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2006-3053"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2006-06-16T10:02:00Z",
    "severity": "HIGH"
  },
  "details": "** DISPUTED **  PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor.",
  "id": "GHSA-8xpf-4773-x7fx",
  "modified": "2022-05-01T07:05:21Z",
  "published": "2022-05-01T07:05:21Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2006-3053"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
    },
    {
      "type": "WEB",
      "url": "http://securityreason.com/securityalert/1103"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/16977"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2006-3053

Vulnerability from gsd

Modified

2023-12-13 01:19

Details

Aliases

CVE-2006-3053

Aliases

CVE-2006-3053

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2006-3053",
    "description": "** DISPUTED **  PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor.",
    "id": "GSD-2006-3053"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2006-3053"
      ],
      "details": "** DISPUTED **  PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor.",
      "id": "GSD-2006-3053",
      "modified": "2023-12-13T01:19:57.545077Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2006-3053",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** DISPUTED **  PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "1103",
            "refsource": "SREASON",
            "url": "http://securityreason.com/securityalert/1103"
          },
          {
            "name": "16977",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/16977"
          },
          {
            "name": "phorum-common-file-include(27064)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
          },
          {
            "name": "20060619 Re: # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
          },
          {
            "name": "20060611 # MHG Security Team --- PHORUM 5.1.13 Remote File Inc.",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F19AEEA5-7EF8-4D53-828D-A123F310987E",
                    "versionEndIncluding": "5.1.13",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "32D7E47E-10F5-4F50-8940-951B2C0011CA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "16042FAE-7370-425C-8810-4F9363B7CAA4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1.1_pre:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B4A25A6F-62CA-4C76-9D4C-821B1E15FB1B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1.1_rc2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6247DB0C-37B6-44EF-8B92-8CFCDA537039",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "4C46298C-2492-4102-A264-E2A1D45AD423",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.1.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1A2AD59F-42DF-407A-8FCA-E6E0067A2B3A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "17E1044B-2101-4719-8749-17DD22F46055",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "B7E17261-A010-4929-99E5-A2511F205B72",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A461E2EB-9964-44DE-9C25-562D239201F6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.3a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9CB6A4EC-D351-4EF8-8C6A-294A47DDCCC7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.3b:*:*:*:*:*:*:*",
                    "matchCriteriaId": "2B10230A-7D72-418E-8A29-E9F20762C43A",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "368C8142-836A-4FDB-9CD8-385FE06B9A62",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1470761E-DA6E-4D2A-B226-1ED782FB3654",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FEB3ED23-821D-42FA-A24F-F2EDDA43D7B6",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "88BA8736-5998-42E0-81E4-76E3669F8112",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.2.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "DC9811C9-EE92-4115-B81F-7A3030390BD1",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.3.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "5A196AD2-7E48-40F4-923E-437FA76C97D2",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.3.1a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "91D147F0-FF83-4FF4-AEF1-71366E874876",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.3.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C6D87C46-D9EC-418B-9C8C-71E7149C72D4",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.3.2a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "A7F6BE0A-7E2F-457D-B4BA-6BAE1B44E7D3",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.3.2b3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "C990B390-4768-41B0-BB8B-A56C2524623F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6650BE9D-5F4B-4B22-BD7E-ABCC067D5455",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.1:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1B8E0CA9-F6D4-4DD3-A3EA-F3A40965261B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.2:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7F67B233-3087-43E6-94F2-5DF39FAA36B7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.3:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7725AEF3-1C47-46B4-A35E-97152A84E731",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.4:*:*:*:*:*:*:*",
                    "matchCriteriaId": "F3F6C52C-F602-4C2A-8C8F-4A19DA41186F",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.5:*:*:*:*:*:*:*",
                    "matchCriteriaId": "45F290E5-6508-4F62-8572-31B33750D341",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.6:*:*:*:*:*:*:*",
                    "matchCriteriaId": "6D941B5F-B704-4596-8739-BFE34225DBA7",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.7:*:*:*:*:*:*:*",
                    "matchCriteriaId": "FF13359B-162A-41DF-BB4F-DDD6CA2752F9",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.8:*:*:*:*:*:*:*",
                    "matchCriteriaId": "7D1AE057-A85C-49D9-981A-3314BD945D08",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:3.4.8a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "EAC1F375-34EF-4FEC-B0F4-6A081B6A3B53",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.3_beta:*:*:*:*:*:*:*",
                    "matchCriteriaId": "9A31EA2D-2B01-4928-9B3E-9D666FD2758B",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.7_beta:*:*:*:*:*:*:*",
                    "matchCriteriaId": "01CFDB0B-6FBD-49F3-8238-81E92661297E",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.9:*:*:*:*:*:*:*",
                    "matchCriteriaId": "1655572D-7D56-4D9D-9E0F-A67DF23FC934",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.10:*:*:*:*:*:*:*",
                    "matchCriteriaId": "387E0B83-B240-4922-8C57-CE0CDB000888",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.11:*:*:*:*:*:*:*",
                    "matchCriteriaId": "CF5B09FF-92DF-4F8D-9A7B-E5086E2B954D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.12:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D02321D7-2F3E-40F9-9A76-CFF339C93199",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.13:*:*:*:*:*:*:*",
                    "matchCriteriaId": "3B908D49-F64A-488F-95F3-163AB9DAB02D",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.14:*:*:*:*:*:*:*",
                    "matchCriteriaId": "0FF0655C-7C83-4363-A444-993B35D7A7EA",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.15a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "83F8F544-1B09-4B22-B1F3-2CD1E8D7AECD",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.16:*:*:*:*:*:*:*",
                    "matchCriteriaId": "8ACC6DD4-384B-44DE-9BC7-6F1DD374E6B0",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.17a:*:*:*:*:*:*:*",
                    "matchCriteriaId": "D184385A-763A-4971-8051-20564D020787",
                    "vulnerable": true
                  },
                  {
                    "criteria": "cpe:2.3:a:phorum:phorum:5.0.18:*:*:*:*:*:*:*",
                    "matchCriteriaId": "04B508F8-CFCC-4841-BF70-1ABB28EB1ABC",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter.  NOTE: this issue has been disputed by the vendor, who states \"common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum.\"  CVE analysis concurs with the vendor"
          },
          {
            "lang": "es",
            "value": "** EN DISPUTA ** PHP vulnerabilidad de inclusi\u00f3n de archivo remoto en common.php en Phorum v5.1.13 y anteriores permite a atacantes remotos ejecutar c\u00f3digo PHP arbitrario a trav\u00e9s de una URL en el par\u00e1metro Phorum [http_path]. NOTA: este problema ha sido discutido por el vendedor, quien afirma que \"common.php se comprueba en la primera l\u00ednea de c\u00f3digo no comment-que no se est\u00e1 llamando directamente Ha sido as\u00ed en todas las versiones 5.x de Phorum.\" CVE an\u00e1lisis coincide con el vendedor."
          }
        ],
        "id": "CVE-2006-3053",
        "lastModified": "2024-04-11T00:40:30.123",
        "metrics": {
          "cvssMetricV2": [
            {
              "acInsufInfo": false,
              "baseSeverity": "HIGH",
              "cvssData": {
                "accessComplexity": "LOW",
                "accessVector": "NETWORK",
                "authentication": "NONE",
                "availabilityImpact": "PARTIAL",
                "baseScore": 7.5,
                "confidentialityImpact": "PARTIAL",
                "integrityImpact": "PARTIAL",
                "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
                "version": "2.0"
              },
              "exploitabilityScore": 10.0,
              "impactScore": 6.4,
              "obtainAllPrivilege": false,
              "obtainOtherPrivilege": true,
              "obtainUserPrivilege": false,
              "source": "nvd@nist.gov",
              "type": "Primary",
              "userInteractionRequired": false
            }
          ]
        },
        "published": "2006-06-16T10:02:00.000",
        "references": [
          {
            "source": "cve@mitre.org",
            "url": "http://securityreason.com/securityalert/1103"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/436863/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "url": "http://www.securityfocus.com/archive/1/437988/100/0/threaded"
          },
          {
            "source": "cve@mitre.org",
            "tags": [
              "Exploit"
            ],
            "url": "http://www.securityfocus.com/bid/16977"
          },
          {
            "source": "cve@mitre.org",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27064"
          }
        ],
        "sourceIdentifier": "cve@mitre.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "NVD-CWE-Other"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          }
        ]
      }
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

cve-2006-3053

Vulnerability from cvelistv5

fkie_cve-2006-3053

Vulnerability from fkie_nvd

ghsa-8xpf-4773-x7fx

Vulnerability from github

gsd-2006-3053

Vulnerability from gsd

Tags

Sightings

Nomenclature