phpBB Allows Remote Code Execution Through Admin Panel Access
CVE-2006-1896

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 20 April 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-1896?

An unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code. This can occur via crafted Font Colour 3 ($theme[fontcolor3] variable) or signature values, potentially involving the highlight functionality. The report does not specify whether this issue is related to static code injection, eval injection, or another form of exploitation. This vulnerability poses significant risks, enabling unauthorized actions within the application.

References

http://www.securityfocus.com/archive/1/431015/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.debian.org/security/2006/dsa-1066

vendor-advisoryx_refsource_DEBIAN

https://exchange.xforce.ibmcloud.com/vulnerabilities/25889

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 20, 2006
Vulnerability Reserved
Apr 20, 2006

CVE-2006-1896 Data

JSON