vendor:
phpBB Module XS
by:
bd0rk
7.5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: phpBB Module XS
Affected Version From: 2.3.2001
Affected Version To: 2.3.2001
Patch Exists: YES
Related CWE: N/A
CPE: a:phpbbmods:phpbb_module_xs:2.3.1
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
phpBB Module XS 2.3.1 Local File Inclusion Exploit
This exploit allows an attacker to include a file from the local file system of the web server. The vulnerability is due to the use of user-supplied input without proper validation. A remote attacker can exploit this vulnerability to include a file from the local file system of the web server and execute arbitrary code on the vulnerable system.
Mitigation:
Input validation should be used to prevent the inclusion of malicious files.