CVE-2006-5306

Name of the Vulnerable Software and Affected Versions phpBB Journals System module versions 1.0.2 (RC2) and earlier

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in several PHP files, including includes/journals delete.php, includes/journals post.php, and includes/journals edit.php.

Recommendations For phpBB Journals System module versions 1.0.2 (RC2) and earlier, consider disabling the includes/journals delete.php, includes/journals post.php, and includes/journals edit.php files until a patch is available to prevent remote attackers from executing arbitrary PHP code. Restrict access to the phpbb root path parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.