Markus Arndt wrote: > Target: > Phorum 3.3.2a (prior versions?) > > Description: > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users > include external php scripts and execute arbitary code.
Also admin.php is explotable ;)
forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
