PHP Remote File Inclusion Vulnerability in phpBB Advanced Guestbook
CVE-2006-2152

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb Advanced Guestbook
Vendor: CVE Published:; 3 May 2006

🔔 Create PHPbb Group Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC🟣 EPSS 12%

What is CVE-2006-2152?

A PHP remote file inclusion vulnerability exists in the admin/addentry.php file of phpBB Advanced Guestbook 2.4.0 and earlier. This issue arises when the register_globals setting is enabled, enabling remote attackers to exploit the phpbb_root_path parameter to include arbitrary files. Such inclusion can lead to unauthorized access and execution of malicious scripts, posing severe security risks to affected installations.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2006-2152 - Proof of Concept

References

https://www.exploit-db.com/exploits/1725

exploitx_refsource_EXPLOIT-DB

https://exchange.xforce.ibmcloud.com/vulnerabilities/26217

vdb-entryx_refsource_XF

https://www.exploit-db.com/exploits/1723

exploitx_refsource_EXPLOIT-DB

EPSS Score

12% chance of being exploited in the next 30 days.

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
May 3, 2006
👾
Exploit known to exist
May 3, 2006
Vulnerability published
May 3, 2006
Vulnerability Reserved
May 3, 2006

CVE-2006-2152 Data

JSON