CVE-2006-5325

Name of the Vulnerable Software and Affected Versions Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB (affected versions not specified)

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter in several files, including mkb.php, iplogger.php, admin board2.php, and admin logger.php in the includes/ directory. This is due to multiple PHP remote file inclusion vulnerabilities.

Recommendations For Dimitri Seitz Security Suite IP Logger in dwingmods for phpBB, consider restricting access to the phpbb root path parameter in the affected files until a patch is available. As a temporary workaround, avoid using the phpbb root path parameter in the affected API endpoints, such as those in mkb.php, iplogger.php, admin board2.php, and admin logger.php, to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.