Direct Code Injection Vulnerability in phpBB by phpBB Group
CVE-2006-1895

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 20 April 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-1895?

A direct static code injection vulnerability exists in phpBB due to improper validation in the template handling process. This allows remote authenticated users with write access to modify templates in ways that can execute arbitrary PHP code. The vulnerability can be exploited by bypassing regular expression checks or manipulating template files utilized in PHP eval statements, posing significant security risks for phpBB users.

References

http://www.securityfocus.com/archive/1/431017/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/17573

vdb-entryx_refsource_BID

http://securityreason.com/securityalert/769

third-party-advisoryx_refsource_SREASON

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2006
Vulnerability Reserved
Apr 20, 2006

CVE-2006-1895 Data

JSON