PT-2006-5970 · Phpbb · Phpbb
Published
2006-10-11
·
Updated
2011-03-08
·
CVE-2006-5235
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpBB versions 0.2.6 and earlier
Description
A remote file inclusion issue in the includes/functions kb.php file allows remote attackers to execute arbitrary PHP code via a URL in the
phpbb root path parameter.Recommendations
For versions 0.2.6 and earlier, consider restricting access to the
includes/functions kb.php file until a patch is available. As a temporary workaround, avoid using the phpbb root path parameter in URLs to minimize the risk of exploitation.Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Phpbb