Strix
26.1K

CVE-2006-3053

UnknownEPSS 2.83%

Last modified

CVE-2006-3053 is a vulnerability of currently unknown severity. PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. EPSS estimates a 2.83% chance of exploitation in the next 30 days.

Description

PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor

Metrics

EPSS Probability
2.83%

84.8th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
PhorumPhorum<= 5.1.13
PhorumPhorum3.1
PhorumPhorum3.1.1
PhorumPhorum3.1.1_pre
PhorumPhorum3.1.1_rc2
PhorumPhorum3.1.1a
PhorumPhorum3.1.2
PhorumPhorum3.2
PhorumPhorum3.2.2
PhorumPhorum3.2.3
PhorumPhorum3.2.3a
PhorumPhorum3.2.3b
PhorumPhorum3.2.4
PhorumPhorum3.2.5
PhorumPhorum3.2.6
PhorumPhorum3.2.7
PhorumPhorum3.2.8
PhorumPhorum3.3.1
PhorumPhorum3.3.1a
PhorumPhorum3.3.2
PhorumPhorum3.3.2a
PhorumPhorum3.3.2b3
PhorumPhorum3.4
PhorumPhorum3.4.1
PhorumPhorum3.4.2
PhorumPhorum3.4.3
PhorumPhorum3.4.4
PhorumPhorum3.4.5
PhorumPhorum3.4.6
PhorumPhorum3.4.7
PhorumPhorum3.4.8
PhorumPhorum3.4.8a
PhorumPhorum5.0.3_beta
PhorumPhorum5.0.7_beta
PhorumPhorum5.0.9
PhorumPhorum5.0.10
PhorumPhorum5.0.11
PhorumPhorum5.0.12
PhorumPhorum5.0.13
PhorumPhorum5.0.14
PhorumPhorum5.0.15a
PhorumPhorum5.0.16
PhorumPhorum5.0.17a
PhorumPhorum5.0.18

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-3053?
PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states "common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum." CVE analysis concurs with the vendor
How severe is CVE-2006-3053?
Severity scoring for CVE-2006-3053 is pending analysis. The EPSS model estimates a 2.83% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3053?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3053?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST