PT-2004-2239 · Phpbb · Phpbb

Psotfx · Published 2004-11-12 · Updated 2017-07-11 · CVE-2004-1315

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: phpBB versions prior to 2.0.11
Description: The issue allows remote attackers to execute arbitrary PHP code by exploiting the improper URL decoding of the highlight parameter in the viewtopic.php file. This is achieved by double-encoding the highlight value, which results in special characters being inserted into the processed result. The vulnerability was exploited by the Santy.A worm.
Recommendations: For versions prior to 2.0.11, update to version 2.0.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the viewtopic.php file or disabling the highlight parameter to minimize the risk of exploitation.
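
A detection check for the double-encoded highlight requests described above, as an added example (not from this advisory or from phpBB): it scans access-log lines for viewtopic.php requests whose highlight value still contains percent-escapes after one round of URL decoding. The log lines, addresses and function names are constructed for illustration, and a common/combined log format is assumed.

```python
import re
from urllib.parse import urlsplit, unquote

PCT_ESCAPE = re.compile(r"%[0-9A-Fa-f]{2}")
REQUEST_LINE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def raw_highlight_values(target):
    """Yield the raw (still-encoded) highlight values of a viewtopic.php request."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/viewtopic.php"):
        return
    for pair in re.split(r"[&;]", parts.query):
        name, _, value = pair.partition("=")
        if unquote(name).lower() == "highlight":
            yield value

def is_double_encoded(raw):
    """True if one round of URL decoding still leaves a percent-escape behind."""
    once = unquote(raw.replace("+", " "))
    return bool(PCT_ESCAPE.search(once))

def suspicious_requests(log_lines):
    """Return the log lines whose highlight parameter is double-encoded."""
    hits = []
    for line in log_lines:
        match = REQUEST_LINE.search(line)
        if not match:
            continue
        if any(is_double_encoded(v) for v in raw_highlight_values(match.group(1))):
            hits.append(line)
    return hits

# Constructed sample log (documentation IP ranges, no real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [20/Dec/2004:10:01:02 +0000] "GET /forum/viewtopic.php?t=12&highlight=install HTTP/1.1" 200 5120',
    # Ordinary single-encoded UTF-8 search term: must not be flagged.
    '192.0.2.11 - - [20/Dec/2004:10:01:09 +0000] "GET /forum/viewtopic.php?t=12&highlight=caf%C3%A9 HTTP/1.1" 200 5200',
    # Double-encoded character in highlight (%25 decodes to "%"): flagged.
    '198.51.100.7 - - [20/Dec/2004:10:02:30 +0000] "GET /forum/viewtopic.php?t=12&highlight=%2527 HTTP/1.0" 200 4988',
    # Same value on a different script: outside the scope of this check.
    '198.51.100.7 - - [20/Dec/2004:10:02:31 +0000] "GET /forum/index.php?highlight=%2527 HTTP/1.0" 200 900',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

A search term containing a literal percent sign followed by two hex digits would also match, so treat hits as leads to review rather than confirmed exploitation.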

Exploit

Fix


Related identifiers

CVE-2004-1315

Affected products

Phpbb