Noch22

**Name of the Vulnerable Software and Affected Versions** phpBB (affected versions not specified) **Description** The issue concerns a direct static code injection vulnerability. It allows remote authenticated users with write access to execute arbitrary PHP code. This can be achieved by modifying a template to bypass a loose ".*" regular expression used to match BEGIN and END statements in overall header.tpl. Alternatively, the vulnerability can be exploited through an eval statement in includes/bbcode.php for bbcode.tpl. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** phpBB (affected versions not specified) **Description** The issue allows remote authenticated users with Administration Panel access to execute arbitrary PHP code. This can be achieved by crafting specific values, such as Font Colour 3, which is associated with the `theme[fontcolor3]` variable, and/or signature values. The vulnerability might involve the highlight functionality, although the exact nature of the issue, whether it is static code injection, eval injection, or another type, is not clearly specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.