OSVDB ID: 30035

Title: Fully Modded phpBB Multiple Script foing_root_path Parameter Remote File Inclusion

Info

Disclosure

Oct 23, 2006

Discovery

Unknown

Dates

Exploit

Oct 23, 2006

Solution

Unknown

Description

Fully Modded phpBB has been reported to contain a flaw that may allow a remote attacker to execute arbitrary commands. The issue is supposedly due to multiple scripts in the /flash/ and /admin/ directory not properly sanitizing user input supplied to the 'foing_root_path' variable. However, subsquent analysis by CVE indicates that these scripts set the value before being used so that an attacker could not manipulate the content.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
OSVDB: Web Related, Myth / Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

Fully Modded phpBB

2021.4.40

References

CVE ID: 2006-5526 (see also: NVD)
Secunia Advisory ID: 22499
Exploit Database: 2621
Milw0rm: 2621
ISS X-Force ID: 29718
VUPEN Advisory: ADV-2006-4165
Vendor URL: http://phpbbfm.net/

Credit

020 -

Direct URL: http://osvdb.org/30035