Markus Arndt wrote: > Target: > Phorum 3.3.2a (prior versions?) > > Description: > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users > include external php scripts and execute arbitary code. Also admin.php is explotable ;) forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
This archive was generated by hypermail 2b30 : Sat May 18 2002 - 12:29:28 PDT