vendor:
phpBB
by:
Unknown
7.5
CVSS
HIGH
Remote Code Execution
Unknown
CWE
Product Name: phpBB
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE: Unknown
CPE: Unknown
Platforms Tested: Unknown
Unknown
Remote PHP Script Injection in phpBB ‘viewtopic.php’ Script
The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. Exploiting this issue may allow a remote attacker to execute arbitrary commands in the context of the webserver that is hosting the vulnerable software.
Mitigation:
Unknown