Intrusion Prevention

PHPMyphorum.Frame.PHP.File.Inclusion

Description

PHPMyphorum has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server via a specially-crafted URL request to the 'mep/frame.php' script, by using the 'chem' parameter to specify a malicious PHP file from a remote system.

Affected Products

PHPMyphorum version 1.5a and prior.

Impact

Gain Access.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://www.comscripts.com/scripts/php.phpmyphorum.1104.html

CVE References

CVE-2007-0361