PT-2006-3655 · Phpbb · Activity Mod Plus
Mustafa Can Bjorn Ipekci
+1
·
Published
2006-06-01
·
Updated
2018-10-18
·
CVE-2006-2735
CVSS v2.0
5.1
Medium
| Vector | AV:N/AC:H/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
Activity MOD Plus (Amod) version 1.1.0
Description
The issue allows remote attackers to execute arbitrary PHP code via a URL in the
phpbb root path parameter when register globals is enabled. This is similar to a previously identified issue.Recommendations
For Activity MOD Plus (Amod) version 1.1.0, consider disabling the
register globals setting to mitigate the risk of exploitation. Additionally, restrict access to the lang activity.php file to minimize the risk of arbitrary PHP code execution.Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Activity Mod Plus