VULHUB ™

A problem has been discovered in phpBB2 which may enable an attacker to include an arbitrary attacker-supplied file which is located on a remote host. An attacker may exploit this issue by supplying the location of a remote file as the value for the 'phpbb_root_path' URL parameter. In the case that the remote file is a PHP script, this may allow commands to be executed remotely with the privileges of the webserver. This is especially a concern for hosts running Microsoft Windows operating systems, as webservers are generally run with SYSTEM privileges on these platforms.

A problem has been discovered in phpBB2 which may enable an attacker to include an arbitrary attacker-supplied file which is located on a remote host. An attacker may exploit this issue by supplying the location of a remote file as the value for the 'phpbb_root_path' URL parameter. In the case that the remote file is a PHP script, this may allow commands to be executed remotely with the privileges of the webserver. This is especially a concern for hosts running Microsoft Windows operating systems, as webservers are generally run with SYSTEM privileges on these platforms.