Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2134 — Group Phpbb vulnerability

3 documents3 sources

Severity

5.1MEDIUMNVD

EPSS

6.3%

top 9.00%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpbb Group Phpbb

Timeline

PublishedMay 2

Latest updateMay 1

Description

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter.

CVSS vector

AV:N/AC:H/C:P/I:P/A:PExploitability: 4.9 | Impact: 6.4

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.2+15

🔴Vulnerability Details

GHSA

GHSA-976j-g55x-xqcp: PHP remote file inclusion vulnerability in /includes/kb_constants↗2022-05-01

▶

💥Exploits & PoCs

Exploit-DB

Knowledge Base Mod 2.0.2 - 'phpBB' Remote File Inclusion↗2006-04-29

▶