PT-2002-2429 · Phpbb · Phpbb
Published: 2002-12-31 · Updated: 2017-07-11 · CVE-2002-1707
CVSS v2.0: 5.0 Medium
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Name of the Vulnerable Software and Affected Versions
phpBB versions 2.0 through 2.0.1
Description
The issue allows remote attackers to execute arbitrary PHP code. This is possible when the allow_url_fopen and register_globals variables are set to "on". Attackers can modify the phpbb_root_dir parameter to reference a URL on a remote web server that contains the malicious code.
Recommendations
For phpBB versions 2.0 through 2.0.1, consider disabling the register_globals variable and setting allow_url_fopen to "off" as a temporary workaround to minimize the risk of exploitation. Restrict access to the install.php file until a patch is available.
Fix
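The check below is an added example, not part of the original advisory or of phpBB's code: it audits php.ini text for the two directives named in the workaround and looks for install.php under a web root. The function names and the sample php.ini content are constructed for illustration.

```python
import os

# Directives named in the advisory; both should be off for the workaround.
RISKY = ("register_globals", "allow_url_fopen")
TRUTHY = {"1", "on", "true", "yes"}


def parse_php_ini(text):
    """Return {directive: bool} for RISKY directives set explicitly in php.ini text."""
    found = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # ';' starts a comment
        if not line or line.startswith("[") or "=" not in line:
            continue  # blank line, section header, or not an assignment
        key, value = (part.strip() for part in line.split("=", 1))
        if key in RISKY:
            # A later assignment overrides an earlier one.
            found[key] = value.strip("\"'").lower() in TRUTHY
    return found


def audit(ini_text, webroot):
    """List findings against the advisory's temporary workaround."""
    settings = parse_php_ini(ini_text)
    findings = []
    for name in RISKY:
        state = settings.get(name)
        if state is True:
            findings.append(f"{name} is On")
        elif state is None:
            findings.append(f"{name} not set explicitly; PHP default applies")
    # Presence is only a prompt to confirm that access to the file is restricted.
    for dirpath, _dirs, files in os.walk(webroot):
        if "install.php" in files:
            findings.append("install.php present: " + os.path.join(dirpath, "install.php"))
    return findings


# Constructed sample input, not taken from a real server.
SAMPLE_INI = """\
[PHP]
; legacy settings
register_globals = On
allow_url_fopen = On   ; remote includes enabled
register_globals = Off
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_INI, "."):
        print(finding)
```

The parser reads only the text it is given; settings applied elsewhere (per-directory overrides, additional ini files) need the same check.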
Related Identifiers
Affected Products
Phpbb