GEN:SID 1:1137
Message WEB-PHP Phorum authentication access
Summary This event is generated when an attempt is made to access the PHP
application Phorum using a default administrator account.
Impact Severe - Phorum administration is controlled by the attacker
Detailed Information Phorum is a popular PHP forum; versions 3.0.7 and earlier are
vulnerable to this exploit.  An attacker can exploit a bug in Phorum's
auth.php script to gain administration access using a universal password
(boogieman) supplied in the variable PHP_AUTH_USER. Phorum's PHP
scripts rely on auth.php to authenticate the user.
Affected Systems  
Attack Scenarios The attacker requests /admin.php?PHP_AUTH_USER=boogieman from the Phorum
PHP scripts. The attacker can then use the administration script to
modify all Phorum settings.
Ease of Attack Simple
Corrective Action Update Phorum from www.phorum.org
Additional References  
Rule References arachnids: 206
bugtraq: 2274
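
The request described under Attack Scenarios can also be looked for after the fact in web server access logs. The following is an added example, not part of the original rule documentation or of Snort: it assumes common/combined log format, uses constructed sample lines, and the function name find_phorum_auth_attempts is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside a common/combined log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

PARAM = "php_auth_user"   # variable named in the rule documentation
PASSWORD = "boogieman"    # universal password named in the rule documentation


def find_phorum_auth_attempts(lines):
    """Return (client, path, value) for requests passing the universal
    password in a PHP_AUTH_USER query parameter."""
    hits = []
    for line in lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parsable request line
        client = line.split(" ", 1)[0]
        url = urlsplit(m.group("target"))
        # parse_qsl percent-decodes names and values, so an encoded form of
        # the parameter is reported as well. Names and values are compared
        # case-insensitively so the check errs toward over-reporting.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if name.lower() == PARAM and value.lower() == PASSWORD:
                hits.append((client, url.path, value))
    return hits


# Constructed sample log lines (documentation address ranges), not real traffic
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2001:10:00:00 +0000] '
    '"GET /phorum/list.php?f=1 HTTP/1.0" 200 5120',
    '198.51.100.7 - - [01/Jan/2001:10:00:05 +0000] '
    '"GET /admin.php?PHP_AUTH_USER=boogieman HTTP/1.0" 200 2048',
    '198.51.100.7 - - [01/Jan/2001:10:00:09 +0000] '
    '"GET /admin.php?PHP_AUTH_USER=%62oogieman HTTP/1.0" 200 2048',
    '203.0.113.4 - - [01/Jan/2001:10:01:00 +0000] '
    '"GET /admin.php?PHP_AUTH_USER=alice HTTP/1.0" 401 310',
]

if __name__ == "__main__":
    for client, path, value in find_phorum_auth_attempts(SAMPLE_LOG):
        print(f"{client} requested {path} with PHP_AUTH_USER={value}")
```

A hit on a host still running Phorum 3.0.7 or earlier should be followed by a review of the forum's administrative settings, since the page notes that all of them can be modified once access is gained.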