virus logo Intrusion Prevention

Foing.Module.phpBB.phpbb_root_path.File.Inclusion

description-logoDescription

Foing has multiple remote file-include vulnerabilities. A remote attacker could execute arbitrary script code on the web server, with the privileges of the server, via a specially crafted URL request to the index.php, song.php, faz.php, list.php, gen_m3u.php or playlist.php script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Foing (module for phpBB) version 0.7.0 and prior

Impact logoImpact

Gain Access

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://foing.sourceforge.net/

Telemetry logoTelemetry

Coverage

IPS (Regular DB)
IPS (Extended DB)
ID 103481646
Created Jan 30, 2007
Updated Apr 23, 2014
Risk black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon lightgray-background-circle-icon
CVE ID CVE-2006-2507
Exploit Prediction Score 14.77%
Default Action Unavailable
Active