PT-2007-2211 · Phpbb · Phpbb Ezboard Converter

Xoron

Published

2007-02-06

Updated

2017-10-19

CVE-2007-0761

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpBB ezBoard converter (ezconvert) version 0.2

Description The issue allows remote attackers to execute arbitrary PHP code via a URL in the ezconvert dir parameter. This is a result of a remote file inclusion vulnerability in the config.php file of the phpBB ezBoard converter.

Recommendations For version 0.2, consider restricting access to the ezconvert dir parameter to minimize the risk of exploitation. As a temporary workaround, avoid using the ezconvert dir parameter in the affected config.php file until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2007-0761

Affected Products

Phpbb Ezboard Converter

PT-2007-2211 · Phpbb · Phpbb Ezboard Converter

CVE-2007-0761

Related Identifiers

Affected Products

References · 7