register.php in S8Forum 3.0 allows remote attackers to execute arbitrary PHP commands by creating a user whose name ends in a .php extension and entering the desired commands into the E-mail field, which creates a web-accessible .php file that can be called by the attacker, as demonstrated using a system($cmd) E-mail address with an any_name.php username.
Name | Vendor | Start Version | End Version |
---|---|---|---|
S8forum | Kelli_shaver | 3.0 (including) | 3.0 (including) |
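
The flaw described above comes from letting the username choose the file name and extension, and from writing the E-mail field unvalidated into a web-accessible file. The following is an added example of a hardened registration routine, not S8Forum's own code; the function names, the `USER_DIR` location and the JSON record layout are assumptions made for illustration.

```php
<?php
// Added example, not S8Forum code. Function names, USER_DIR and the record
// layout are hypothetical.

// Assumed storage directory outside the web root, so records are never served.
const USER_DIR = __DIR__ . '/../private/users';

function valid_username(string $name): bool
{
    // Allow-list: letters, digits, underscore, hyphen. No dots, slashes or
    // NUL bytes, so a name such as "any_name.php" is rejected.
    return preg_match('/\A[A-Za-z0-9_-]{3,32}\z/', $name) === 1;
}

function valid_email(string $email): bool
{
    // Rejects values that are not syntactically an address, e.g. "system($cmd)".
    return filter_var($email, FILTER_VALIDATE_EMAIL) !== false;
}

function register_user(string $name, string $email, string $password): bool
{
    if (!valid_username($name) || !valid_email($email)) {
        return false;
    }
    if (!is_dir(USER_DIR) && !mkdir(USER_DIR, 0700, true)) {
        return false;
    }
    // The server fixes the extension; the username never supplies one.
    $path = USER_DIR . '/' . strtolower($name) . '.json';
    // json_encode stores the fields as data, not as PHP source.
    $record = json_encode([
        'name'     => $name,
        'email'    => $email,
        'password' => password_hash($password, PASSWORD_DEFAULT),
    ]);
    // Mode 'x' fails if the file exists, so an existing account is not overwritten.
    $fh = @fopen($path, 'x');
    if ($fh === false) {
        return false;
    }
    $ok = fwrite($fh, $record) !== false;
    fclose($fh);
    return $ok;
}

// Constructed inputs: the first pair matches the pattern in the description.
var_dump(register_user('any_name.php', 'system($cmd)', 'constructed-pw'));
var_dump(register_user('alice', 'alice@example.com', 'constructed-pw'));
```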