|
|
phpBB2 Plus "phpbb_root_path" Remote PHP File Inclusion Vulnerabilities
|
Multiple vulnerabilities have been identified in phpBB2 Plus, which could be exploited by attackers to execute arbitrary commands. These issues are caused by input validation errors in the "language/lang_german/lang_main_album.php", "language/lang_german/lang_admin_album.php", "language/lang_english/lang_main_album.php", and "language/lang_english/lang_admin_album.php" scripts when processing the "phpbb_root_path" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
phpBB2 Plus version 1.53 and prior
Upgrade to phpBB2 Plus version 1.53a :
http://www.phpbb2.de/dload.php
http://www.vupen.com/english/advisories/2007/3247
http://www.phpbb2.de/ftopic45218.html
Vulnerabilities reported by Mehrad Ansari Targhi and the vendor.
2007-09-24 : Initial release
If you have additional information or corrections for this security advisory please submit them via our contact form. | |
|
|
|
Monthly Statistics |
 |
|
|
|
| |
|
Try VUPEN
VNS |
 |
|
 |
|
| |
|
 |
| |
|
|
|
|
