PHP remote file inclusion vulnerability in common.php in PHORUM 5.1.13 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the PHORUM[http_path] parameter. NOTE: this issue has been disputed by the vendor, who states common.php is checked on the very first line of non-comment code that it is not being called directly. It has been this way in all 5.x version of Phorum. CVE analysis concurs with the vendor
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phorum | Phorum | * | 5.1.13 (including) |
| Phorum | Phorum | 3.1 (including) | 3.1 (including) |
| Phorum | Phorum | 3.1.1 (including) | 3.1.1 (including) |
| Phorum | Phorum | 3.1.1_pre (including) | 3.1.1_pre (including) |
| Phorum | Phorum | 3.1.1_rc2 (including) | 3.1.1_rc2 (including) |
| Phorum | Phorum | 3.1.1a (including) | 3.1.1a (including) |
| Phorum | Phorum | 3.1.2 (including) | 3.1.2 (including) |
| Phorum | Phorum | 3.2 (including) | 3.2 (including) |
| Phorum | Phorum | 3.2.2 (including) | 3.2.2 (including) |
| Phorum | Phorum | 3.2.3 (including) | 3.2.3 (including) |
| Phorum | Phorum | 3.2.3a (including) | 3.2.3a (including) |
| Phorum | Phorum | 3.2.3b (including) | 3.2.3b (including) |
| Phorum | Phorum | 3.2.4 (including) | 3.2.4 (including) |
| Phorum | Phorum | 3.2.5 (including) | 3.2.5 (including) |
| Phorum | Phorum | 3.2.6 (including) | 3.2.6 (including) |
| Phorum | Phorum | 3.2.7 (including) | 3.2.7 (including) |
| Phorum | Phorum | 3.2.8 (including) | 3.2.8 (including) |
| Phorum | Phorum | 3.3.1 (including) | 3.3.1 (including) |
| Phorum | Phorum | 3.3.1a (including) | 3.3.1a (including) |
| Phorum | Phorum | 3.3.2 (including) | 3.3.2 (including) |
| Phorum | Phorum | 3.3.2a (including) | 3.3.2a (including) |
| Phorum | Phorum | 3.3.2b3 (including) | 3.3.2b3 (including) |
| Phorum | Phorum | 3.4 (including) | 3.4 (including) |
| Phorum | Phorum | 3.4.1 (including) | 3.4.1 (including) |
| Phorum | Phorum | 3.4.2 (including) | 3.4.2 (including) |
| Phorum | Phorum | 3.4.3 (including) | 3.4.3 (including) |
| Phorum | Phorum | 3.4.4 (including) | 3.4.4 (including) |
| Phorum | Phorum | 3.4.5 (including) | 3.4.5 (including) |
| Phorum | Phorum | 3.4.6 (including) | 3.4.6 (including) |
| Phorum | Phorum | 3.4.7 (including) | 3.4.7 (including) |
| Phorum | Phorum | 3.4.8 (including) | 3.4.8 (including) |
| Phorum | Phorum | 3.4.8a (including) | 3.4.8a (including) |
| Phorum | Phorum | 5.0.3_beta (including) | 5.0.3_beta (including) |
| Phorum | Phorum | 5.0.7_beta (including) | 5.0.7_beta (including) |
| Phorum | Phorum | 5.0.9 (including) | 5.0.9 (including) |
| Phorum | Phorum | 5.0.10 (including) | 5.0.10 (including) |
| Phorum | Phorum | 5.0.11 (including) | 5.0.11 (including) |
| Phorum | Phorum | 5.0.12 (including) | 5.0.12 (including) |
| Phorum | Phorum | 5.0.13 (including) | 5.0.13 (including) |
| Phorum | Phorum | 5.0.14 (including) | 5.0.14 (including) |
| Phorum | Phorum | 5.0.15a (including) | 5.0.15a (including) |
| Phorum | Phorum | 5.0.16 (including) | 5.0.16 (including) |
| Phorum | Phorum | 5.0.17a (including) | 5.0.17a (including) |
| Phorum | Phorum | 5.0.18 (including) | 5.0.18 (including) |