Remote File Inclusion Vulnerability in phpBB by phpBB Group
CVE-2006-5435

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 20 October 2006

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2006-5435?

phpBB versions 2.0.10 and earlier are vulnerable to a remote file inclusion attack through the groupcp.php script. Attackers can exploit this vulnerability to execute arbitrary PHP code by injecting a malicious URL into the phpbb_root_path parameter, though it is worth noting that the vendor argues this parameter's definition precedes its usage. This flaw poses a significant risk if not addressed promptly.

References

http://www.securityfocus.com/archive/1/449114/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/449232/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 20, 2006
Vulnerability Reserved
Oct 20, 2006

CVE-2006-5435 Data

JSON