{"$ref":"https://www.cert.ssi.gouv.fr/openapi.json","affected_systems":[],"affected_systems_content":"<P><SPAN class=\"textit\">Phorum</SPAN> versions 5.1.14 et  ant\u00e9rieures.</P>","content":"## Description\n\nDeux vuln\u00e9rabilit\u00e9s de type php include permettent l'ex\u00e9cution de code\narbitraire \u00e0 distance sur le serveur. L'exploitation de ces failles\nn\u00e9cessitent l'activation de la variable register_globals.\n\nUne vuln\u00e9rabilit\u00e9 permettant de r\u00e9aliser des attaques de type cross site\nscripting a \u00e9galement \u00e9t\u00e9 d\u00e9couverte.\n\n## Solution\n\nMettre \u00e0 jour Phorum en version 5.1.15 (voir Documentation).\n","cves":[{"name":"CVE-2006-3615","url":"https://www.cve.org/CVERecord?id=CVE-2006-3615"}],"links":[{"title":"Notes de changement de version 5.1.15 de Phorum du 13    juillet 2006 :","url":"http://www.phorum.org/phorum5/read.php?12,114358"},{"title":"Version 5.1.15 de Phorum :","url":"http://www.phorum.org/downloads.php"}],"reference":"CERTA-2006-AVI-330","revisions":[{"description":"version initiale.","revision_date":"2006-08-04T00:00:00.000000"}],"risks":[{"description":"Injection de code indirecte \u00e0 distance (XSS)"},{"description":"Ex\u00e9cution de code arbitraire \u00e0 distance"}],"summary":null,"title":"Multiples vuln\u00e9rabilit\u00e9s dans Phorum","vendor_advisories":[{"published_at":null,"title":"Notes de changement de version 5.1.15 de Phorum du 13 juillet 2006","url":null}]}