CVE-2007-2596

Properties

Published:
10.05.2007
Updated:
15.05.2007
Patch available:
Severity:
High
CVSS vector:
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Product:
Agner Fog: aForum

Vulnerability description

PHP remote file inclusion vulnerability in common/func.php in aForum 1.32 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the CommonAbsDir parameter.

References:

MILW0RM: http://www.milw0rm.com/exploits/3884
BID: http://www.securityfocus.com/bid/23902
FRSIRT: http://www.frsirt.com/english/advisories/2007/1739