PHP Remote File Inclusion Vulnerability in phpBB by phpBB Group
CVE-2007-1695

Currently unrated

Key Information:

Vendor: PHPbb Group
Status: PHPbb
Vendor: CVE Published:; 27 March 2007

🔔 Create PHPbb Group Vulnerability Alert

What is CVE-2007-1695?

A remote file inclusion vulnerability exists in the includes/usercp_register.php file of phpBB version 2.0.19, enabling attackers to potentially execute arbitrary PHP code by manipulating the phpbb_root_path parameter with a crafted URL. Although there are claims that this vulnerability is mitigated by checks for a global constant, it still poses a risk if other security measures are not correctly implemented.

References

http://www.securityfocus.com/archive/1/463817/100/0/threaded

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/archive/1/463718/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 27, 2007
Vulnerability Reserved
Mar 26, 2007

CVE-2007-1695 Data

JSON