Info

Disclosure

Jul 13, 2006

Discovery

Unknown

Dates

Exploit

Jul 13, 2006

Solution

Unknown

Description

Phorum contains a flaw that may allow an attacker to include arbitrary files from local resources. The issue is due to 'pm.php' not properly sanitizing user input supplied to the 'template' variable. This may allow an attacker to inject arbitrary PHP code into the web logs before including the log via the vulnerable script.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related

Solution

Upgrade to version 5.1.15 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround(s): Disable register_globals PHP option.

Products

Phorum

5.1.14

References

CVE ID: 2006-3611 (see also: NVD)
Milw0rm: 2008
Exploit Database: 2008
Secunia Advisory ID: 21043
VUPEN Advisory: ADV-2006-2794
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0191.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0200.html
http://archives.neohapsis.com/archives/bugtraq/2006-07/0483.html
Other Advisory URL: http://retrogod.altervista.org/phorum5_local_incl_xpl.html
Vendor Specific Solution URL: http://www.phorum.org/downloads.php

Credit

rgod - rgodautistici.org - http://retrogod.altervista.org

Direct URL: http://osvdb.org/27164