Directory traversal vulnerability in pm.php in Phorum 5 allows remote authenticated users to include and execute arbitrary local files via directory traversal sequences in the GLOBALS[template] parameter, as demonstrated by injecting PHP sequences into a log file, which is then included by pm.php. Successful exploitation requires that register_globals is enabled.
This vulnerability is addresses in the following product release:
Phorum, Phorum, 5.1.15
Publication date: Tue, 18 Jul 2006 20:46:00 +0000