CVE-2006-5306

Multiple PHP remote file inclusion vulnerabilities in the Journals System module 1.0.2 (RC2) and earlier for phpBB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter in (1) includes/journals_delete.php, (2) includes/journals_post.php, or (3) includes/journals_edit.php.

Score6.8
Access VectorNETWORK
Access ComplexityMEDIUM
AuthenticationNONE
Confidentiality ImpactPARTIAL
Integrity ImpactPARTIAL
Availability ImpactPARTIAL
Published2006-10-17 11:07:00.000-04
Last Modified2018-10-17 05:42:04.000-04

Vulnerable Software List

VendorProductVersions
Phpbb Journals System Module 1.0.2, 1.0.2 rc2

References

SourceLink
SREASON1731
SECTRACK1017058
BUGTRAQ20061012 Journals System <= 1.0.2 [RC2] Remote File Include Vulnerability
BID20484
VUPENADV-2006-4029
XFphpbb-multiple-scripts-file-include(29491)
EXPLOIT-DB2522