Threat Encyclopedia

Phpbb.Tweaked.PHPBB_Root_Path.File.Inclusion

description-logoDescription

Phpbb Tweaked has a remote file-include vulnerability. A remote attacker could execute an arbitrary script on the web server with the privileges of the server via a specially-crafted URL request to the 'includes/functions.php' script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Phpbb Tweaked version 3 and prior.

Impact logoImpact

Gain Access.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://sourceforge.net/projects/phpbbtweaked/

CVE References

CVE-2007-0656 CVE-2007-0680

Telemetry logoTelemetry