Threat Encyclopedia



This indicates a possible attack against a remote File Include vulnerability in Phpbb Tweaked.
The vulnerability may allow a remote attacker to include and execute an arbitrary file on the web server with the privileges of the server via a specially-crafted URL request to the 'includes/functions.php' script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Phpbb Tweaked version 3 and prior.


System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2007-0656 CVE-2007-0680