Unrated severityNVD Advisory· Published Apr 25, 2006· Updated Jun 16, 2026
CVE-2006-1994
CVE-2006-1994
Description
PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
7- www.securityfocus.com/bid/17650nvdExploit
- secunia.com/advisories/19788nvdVendor Advisory
- www.nukedx.comnvdVendor Advisory
- lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.htmlnvd
- www.securityfocus.com/archive/1/431758nvd
- www.vupen.com/english/advisories/2006/1482nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/26035nvd
News mentions
0No linked articles in our index yet.