Release DateJan 05, 2012 |
Severitymedium |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems. |
DescriptionThis indicates a possible attack against a remote File Include vulnerability in Phpbb Tweaked.The vulnerability may allow a remote attacker to include and execute an arbitrary file on the web server with the privileges of the server via a specially-crafted URL request to the 'includes/functions.php' script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system. |
Affected ProductsPhpbb Tweaked version 3 and prior. |
Recommended ActionsCurrently we are not aware of any vendor-supplied patches for this issue.http://sourceforge.net/projects/phpbbtweaked/ |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-0680CVE-2007-0656 |
Reference/shttp://www.securityfocus.com/bid/22344 (BugTraq)http://www.securityfocus.com/bid/22320 (BugTraq) |
