Sorry no, this is not the same case. The line you posted is in between an

    if(file_exists("$PHORUM[settings_dir]/replace.php")) {
    ...

file_exists only works on local filesystems. This may only work on the local server, if a user has access to it.

Thomas

On Sat, 18 May 2002 15:58:19 -0300
"Gabriel A. Maggiotti" <gmaggiot@ciudad.com.ar> wrote:

> Markus Arndt wrote:
>
> > Target:
> > Phorum 3.3.2a (prior versions?)
> >
> > Description:
> > In Phorum 3.3.2a (a bulletin board) there's a security flaw that lets remote users
> > include external php scripts and execute arbitrary code.
>
> Also admin.php is exploitable ;)
>
> forum/plugin/replace/admin.php: include("$PHORUM[settings_dir]/replace.php");
>