CVE-2009-0592

Name of the Vulnerable Software and Affected Versions PNphpBB2 versions 1.2i and earlier

Description The issue allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ModName parameter to various PHP files in the admin/ directory, including "admin words.php", "admin groups reapir.php", "admin smilies.php", "admin ranks.php", "admin styles.php", and "admin users.php".

Recommendations For PNphpBB2 versions 1.2i and earlier, consider restricting access to the admin/ directory and its files, such as "admin words.php", "admin groups reapir.php", "admin smilies.php", "admin ranks.php", "admin styles.php", and "admin users.php", to minimize the risk of exploitation. Avoid using the ModName parameter in these files until the issue is resolved.