PHP remote file inclusion vulnerability in dForum 1.5 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the DFORUM_PATH parameter to (1) about.php, (2) admin.php, (3) anmelden.php, (4) losethread.php, (5) config.php, (6) delpost.php, (7) delthread.php, (8) dfcode.php, (9) download.php, (10) editanoc.php, (11) forum.php, (12) login.php, (13) makethread.php, (14) menu.php, (15) newthread.php, (16) openthread.php, (17) overview.php, (18) post.php, (19) suchen.php, (20) user.php, (21) userconfig.php, (22) userinfo.php, and (23) verwalten.php.
https://exchange.xforce.ibmcloud.com/vulnerabilities/26035
http://www.vupen.com/english/advisories/2006/1482
http://www.securityfocus.com/archive/1/431758
http://www.nukedx.com/?viewdoc=27
http://secunia.com/advisories/19788
http://lists.grok.org.uk/pipermail/full-disclosure/2006-April/045369.html