CVE-2006-5223

PHP remote file inclusion vulnerability in includes/functions_user_viewed_posts.php in the Nivisec User Viewed Posts Tracker module 1.0 and earlier for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Score7.5
Access VectorNETWORK
Access ComplexityLOW
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-10 05:07:00.000-04
Last Modified2018-10-17 05:41:45.000-04

Vulnerable Software List

VendorProductVersions
Nivisec User Viewed Posts Tracker 1.0

References

SourceLink
SREASON1705
CONFIRMhttp://www.nivisec.com/article.php?l=vi&ar=19
BUGTRAQ20061006 phpBB User Viewed Posts Tracker Version <= 1.0 [phpbb_root_path] File Include Vulnerability
BUGTRAQ20061012 Admin User Viewed Posts Tracker Remote File Include Vulnerability
BID20385
VUPENADV-2006-3947
XFphpbb-phpbbrootpath-file-include(29383)
EXPLOIT-DB2483