vendor:
phpBB Extreme
by:
xoron
7.5
CVSS
HIGH
Remote File Inclusion
CWE
Product Name: phpBB Extreme
Affected Version From: phpBB Extreme 3.0.1
Affected Version To: phpBB Extreme 3.0.1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
phpBB Extreme 3.0.1 Remote File Include Exploit
This exploit allows an attacker to include a remote file in the vulnerable PHP script 'functions.php' in phpBB Extreme 3.0.1. The vulnerable parameter is 'phpbb_root_path'. By manipulating this parameter, an attacker can include a malicious file from a remote server, potentially leading to remote code execution.
Mitigation:
Update to a patched version of phpBB Extreme or apply a security patch provided by the vendor. Ensure that user input is properly validated and sanitized before using it in file inclusion operations.