HTTP: Phorum Remote PHP File Inclusion
This signature detects attempts to exploit a known vulnerability in the PHP Phorum bulletin board system. A successful attack can allow attackers to remotely execute arbitrary commands with HTTP server privileges.
Extended Description
Phorum is a PHP based web forums package designed for most UNIX variants, Linux, and Microsoft Windows operating systems. A vulnerability has been reported in Phorum that will allow remote attackers to specify external PHP scripts and potentially execute commands. The vulnerability exists in 'plugin.php','admin.php' and 'del.php' files found in the distribution of Phorum. It is possible for a malicious attacker to specify the location of a parameter to the vulnerable PHP files by passing an argument via URL to the PHP files.
Affected Products
Phorum phorum
Short Name
HTTP:PHP:PHORUM:REMOTE-EXEC
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2002-0764 File Inclusion PHP Phorum Remote bid:4763
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Phorum
CVSS Score
7.5