Phorum admin.php3无需验证修改管理员口令漏洞

BUGTRAQ: 2271 Phorum是一款基于PHP的WEB论坛程序，可使用在Linux和Unix操作系统下，也可使用在Microsoft Windows操作系统下。Phorum存在一个问题，远程攻击者可以访问本地系统文件。 admin.php3脚本用于安全和管理被创建的论坛。它带有口令保护，但存在漏洞可以无需访问权限修改管理员口令。一旦拥有了管理功能的访问权限，就可以进入 Master Setting 功能，在 default .langfile name 输入框输入想要访问的系统本地文件，重新载入admin.php3页面后就可以浏览这个文件的内容了。 3.0.7 and...

CVE-2006-6550

CVE-2006-6550 affects Phorum 3.2.11 and earlier, describing a PHP remote file inclusion vulnerability in common.php that could allow an attacker to execute arbitrary PHP code via a URL in the db_file parameter. The CVE entry notes a dispute about the vulnerability because db_file is defined befor...

CVE-2006-6550

PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the dbfile parameter. NOTE: CVE disputes this vulnerability because dbfile is defined before use...

Phorum 3.2.11 - 'common.php' Remote File Inclusion

=========================================================== Yee7TeaM WwW.Yee7.CoM =========================================================== Software: Phorum v3.2.11 Vendor: http://www.phorum.org/ Download: http://skrypty.webpc.pl/pobierz274.html Dork: "Copyright C 2000 Phorum Development Team"...