CVE-2007-5100

Name of the Vulnerable Software and Affected Versions phpBB Plus versions 1.53 through 1.53a before 20070922

Description The issue allows remote attackers to execute arbitrary PHP code when register globals is enabled. This is achieved by providing a URL in the phpbb root path parameter to specific PHP files, including (1) "language/lang german/lang admin album.php", (2) "language/lang english/lang main album.php", and (3) "language/lang english/lang admin album.php".

Recommendations For phpBB Plus versions 1.53 through 1.53a before 20070922, consider disabling the register globals setting to prevent exploitation until a patch is available. Restrict access to the vulnerable PHP files, specifically "language/lang german/lang admin album.php", "language/lang english/lang main album.php", and "language/lang english/lang admin album.php", to minimize the risk of arbitrary PHP code execution. Avoid using the phpbb root path parameter in the affected API endpoints until the issue is resolved.