CVE-2007-1695

Name of the Vulnerable Software and Affected Versions: phpBB version 2.0.19

Description: A remote file inclusion issue in the includes/usercp register.php file allows remote attackers to execute arbitrary PHP code via a URL in the phpbb root path parameter. However, it has been noted that this issue is disputed by third-party researchers, who claim that the file checks for a global constant and cannot be accessed directly.

Recommendations: For phpBB version 2.0.19, consider restricting access to the includes/usercp register.php file to minimize the risk of exploitation. Additionally, avoid using the phpbb root path parameter in untrusted input until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.