CVE-2006-5209

PHP remote file inclusion vulnerability in admin/admin_topic_action_logging.php in Admin Topic Action Logging Mod 0.95 and earlier, as used in phpBB 2.0 up to 2.0.21, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 12:06:00.000-04
Last Modified2017-10-18 09:29:30.000-04

Vulnerable Software List

VendorProductVersions
Phpbb Group Phpbb 2.0, 2.0.1, 2.0.10, 2.0.11, 2.0.2, 2.0.3, 2.0.4, 2.0.5, 2.0.6, 2.0.6c, 2.0.6d, 2.0.7, 2.0.7a, 2.0.8, 2.0.8a, 2.0.9

References

SourceLink
XFphpbb-setmodules-file-include(29345)
EXPLOIT-DB2475