Markus Arndt wrote:
> Target:
> Phorum 3.3.2a (prior versions?)
>
> Description:
> In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
> include external php scripts and execute arbitary code.
Also admin.php is explotable ;)
forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
