Direct Code Injection Vulnerability in phpBB by phpBB Group
CVE-2006-1895

Currently unrated

Key Information:

Vendor

PHPbb Group

Status
PHPbb
Vendor
CVE Published:
20 April 2006

What is CVE-2006-1895?

A direct static code injection vulnerability exists in phpBB due to improper validation in the template handling process. This allows remote authenticated users with write access to modify templates in ways that can execute arbitrary PHP code. The vulnerability can be exploited by bypassing regular expression checks or manipulating template files utilized in PHP eval statements, posing significant security risks for phpBB users.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.securityfocus.com/archive/1/431017/100/0/threaded
mailing-listx_refsource_BUGTRAQ
http://www.securityfocus.com/bid/17573
vdb-entryx_refsource_BID
http://securityreason.com/securityalert/769
third-party-advisoryx_refsource_SREASON

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.