CVE-2006-5610

Name of the Vulnerable Software and Affected Versions: phpBB versions prior to the version that fixes the issue in Fully Modded phpBB (phpbbfm) 2021.4.40

Description: The issue allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter. This is a result of a PHP remote file inclusion vulnerability in the player/includes/common.php file.

Recommendations: For versions prior to the fixed version, consider restricting access to the phpbb root path parameter to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.