Remote File Inclusion Vulnerability in phpBB by phpBB Group
CVE-2006-2865

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 6 June 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-2865?

The vulnerability in phpBB 2 relates to a PHP remote file inclusion flaw found in the template.php file, which can potentially allow attackers to execute arbitrary PHP code via a specially crafted URL in the page parameter. Although some follow-up discussions have cast doubt on its presence in the standard phpBB installation or the actual use of a $page variable, it remains critical for users to assess their configurations thoroughly, as this could be indicative of broader, site-specific security issues or misconfigurations. Proper validation and sanitization of user inputs are essential to mitigate such security risks.

References

http://www.securityfocus.com/archive/1/435995/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/435869/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/18255

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 6, 2006
Vulnerability Reserved
Jun 6, 2006

CVE-2006-2865 Data

JSON