VULHUB ™

The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for 'extension.inc' in the 'quick_reply.php' script. As a result, an attacker may cause an arbitrary PHP script to be included from an attacker-supplied source, which may result in execution of commands with the privileges of the webserver.

The phpBB Advanced Quick Reply Hack is prone to an issue which may allow attackers to include arbitrary files from a remote server. It is possible for remote attackers to influence the include path for 'extension.inc' in the 'quick_reply.php' script. As a result, an attacker may cause an arbitrary PHP script to be included from an attacker-supplied source, which may result in execution of commands with the privileges of the webserver.