Vendor: phpBB
By: GolD_M = Mahmood_ali
CVSS: 5.5 (MEDIUM)
Path Traversal
CWE: 22
Product Name: phpBB
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
2007
Virtual Path phpBB <== v1.0
The vulnerability allows an attacker to read files outside the intended directory by manipulating the 'phpbb_root_path' parameter in the 'configure.php' script. This can be exploited by appending a path traversal string like 'Evil?' to the URL.
Mitigation:
Update to a newer version of Virtual Path phpBB that addresses the vulnerability. Alternatively, ensure that the 'phpbb_root_path' parameter is properly validated and sanitized.
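
One way to do the validation the mitigation describes, as an added example that is not code from Virtual Path phpBB: the supplied value is resolved against a fixed base directory and accepted only if the canonical result stays inside it. The function name 'resolve_root_path', the directory layout and the sample inputs are assumptions made for illustration.

```php
<?php
// Added example, not code from Virtual Path phpBB. resolve_root_path() and the
// directory layout are hypothetical; the sample inputs are constructed.

/**
 * Return the canonical form of $requested only if it is an existing directory
 * at or below $baseDir; return null for everything else.
 */
function resolve_root_path(string $requested, string $baseDir): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Refuse scheme-style values (e.g. "xyz://...") before touching the filesystem.
    if (preg_match('#^[a-z][a-z0-9+.\-]*:#i', $requested)) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, and fails on missing paths.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_dir($candidate)) {
        return null;
    }
    // Compare with a trailing separator so "/srv/forum-old" never passes as
    // being inside "/srv/forum".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    $candidate = rtrim($candidate, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo tree: <tmp>/vp_demo_xxx/includes
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . uniqid('vp_demo_');
mkdir($base . DIRECTORY_SEPARATOR . 'includes', 0700, true);

foreach (['includes', '.', '../', 'includes/../../', 'Evil?'] as $input) {
    $resolved = resolve_root_path($input, $base);
    printf("%-18s => %s\n", var_export($input, true), $resolved ?? 'REJECTED');
}

rmdir($base . DIRECTORY_SEPARATOR . 'includes');
rmdir($base);
```

Where the script does not need a caller-supplied root path at all, assigning it a fixed value in code before any include removes the parameter from the attack surface entirely.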