PHP remote file inclusion vulnerability in common.php in Phorum 3.2.11 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the db_file parameter. NOTE: CVE disputes this vulnerability because db_file is defined before useReferenceshttps://www.exploit-db.com/exploits/2894https://exchange.xforce.ibmcloud.com/vulnerabilities/30741
