Phorum admin.php settings_dir Variable Arbitrary Command Execution

2002-05-17T00:00:00
ID OSVDB:11142
Type osvdb
Reporter OSVDB
Modified 2002-05-17T00:00:00

Description

Manual Testing Notes

http://[victim]/forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");

References:

Related OSVDB ID: 11143
Related OSVDB ID: 11141
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0153.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0147.html
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2002-05/0156.html
ISS X-Force ID: 9107
CVE-2002-0764
Bugtraq ID: 4763