CVE-2006-1895

Name of the Vulnerable Software and Affected Versions phpBB (affected versions not specified)

Description The issue concerns a direct static code injection vulnerability. It allows remote authenticated users with write access to execute arbitrary PHP code. This can be achieved by modifying a template to bypass a loose ".*" regular expression used to match BEGIN and END statements in overall header.tpl. Alternatively, the vulnerability can be exploited through an eval statement in includes/bbcode.php for bbcode.tpl.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.