CVE-2006-5148 - Horticultural System

Description

Multiple PHP remote file inclusion vulnerabilities in Forum82 2.5.2b and earlier allow remote attackers to execute arbitrary PHP code via a URL in the repertorylevel parameter including scripts in /forum/ including (1) search.php (2) message.php (3) member.php (4) mail.php (5) lostpassword.php (6) gesfil.php (7) forum82lib.php3 and other unspecified scripts.

Reference

http://www.securityfocus.com/bid/20291 http://secunia.com/advisories/22214 http://www.vupen.com/english/advisories/2006/3865 https://www.exploit-db.com/exploits/2459