Radek Hulan

**Name of the Vulnerable Software and Affected Versions** PunBB versions 1.1.2 through 1.1.5 **Description** The issue allows remote attackers to execute arbitrary code via the `pun root` parameter in the common.php file. This is a result of a remote file inclusion vulnerability. **Recommendations** For PunBB versions 1.1.2 through 1.1.5, consider restricting access to the common.php file to minimize the risk of exploitation. Avoid using the `pun root` parameter in affected configurations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.