Threat Encyclopedia

phpBB.Tweaked.PHPBB.Root.Path.Remote.File.Inclusion

description-logoDescription

This indicates a possible attack against a remote File Include vulnerability in Phpbb Tweaked.
The vulnerability may allow a remote attacker to include and execute an arbitrary file on the web server with the privileges of the server via a specially-crafted URL request to the 'includes/functions.php' script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

affected-products-logoAffected Products

Phpbb Tweaked version 3 and prior.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems.

recomended-action-logoRecommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://sourceforge.net/projects/phpbbtweaked/

CVE References

CVE-2007-0656 CVE-2007-0680