Intrusion PreventionphpBB.Tweaked.PHPBB.Root.Path.Remote.File.Inclusion
Description
This indicates a possible attack against a remote File Include vulnerability in Phpbb Tweaked.
The vulnerability may allow a remote attacker to include and execute an arbitrary file on the web server with the privileges of the server via a specially-crafted URL request to the 'includes/functions.php' script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.
Affected Products
Phpbb Tweaked version 3 and prior.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems.
Recommended Actions
Currently we are not aware of any vendor-supplied patches for this issue.
http://sourceforge.net/projects/phpbbtweaked/
Telemetry
Coverage
| IPS (Regular DB) | |
| IPS (Extended DB) |
Version Updates
| Date | Version | Detail |
|---|---|---|
| 2019-11-22 | 15.729 | Name:Phpbb. Tweaked. PHPBB. Root. Path. Remote. File. Inclusion:phpBB. Tweaked. PHPBB. Root. Path. Remote. File. Inclusion |
| ID | 30533 |
| Created | Jan 05, 2012 |
| Updated | Feb 24, 2022 |
| Risk |
|
| CVE ID | CVE-2007-0656 CVE-2007-0680 |
| Exploit Prediction Score | 16.83% |
| Default Action | drop |
| Active | |
| Affected OS | Windows, Linux, BSD, Solaris, MacOS |
| Affected App | PHP_app |