Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4.2 allow remote attackers to execute arbitrary commands and modify the Phorum configuration files via the (1) UserAdmin program, (2) Edit user profile, or (3) stats program.
https://exchange.xforce.ibmcloud.com/vulnerabilities/12500
http://www.securityfocus.com/bid/7579
http://www.securityfocus.com/bid/7578
http://www.securityfocus.com/bid/7574