Oo

**Name of the Vulnerable Software and Affected Versions** phpBB Advanced Guestbook versions 2.4.0 and earlier **Description** The issue allows remote attackers to include arbitrary files via the `phpbb root path` parameter in the "admin/addentry.php" endpoint, when register globals is enabled. **Recommendations** For versions 2.4.0 and earlier, disable the register globals setting to prevent exploitation. As a temporary workaround, consider restricting access to the "admin/addentry.php" endpoint until a patch is available. Avoid using the `phpbb root path` parameter in the affected endpoint until the issue is resolved.