CVE-2008-5585

Name of the Vulnerable Software and Affected Versions lcxBBportal version 0.1 Alpha 2

Description The issue allows remote attackers to execute arbitrary PHP code. This can be achieved by providing a URL in the phpbb root path parameter to specific API endpoints, such as "/portal/includes/portal block.php" and "/includes/acp/acp lcxbbportal.php".

Recommendations For lcxBBportal version 0.1 Alpha 2, as a temporary workaround, consider restricting access to the portal block.php and acp lcxbbportal.php files until a patch is available. Avoid using the phpbb root path parameter in the affected API endpoints until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.