CVE-2006-5435Group Phpbb vulnerability

2 documents2 sources
Severity
7.5HIGHNVD
EPSS
1.2%
top 20.71%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Phpbb Group Phpbb
Timeline
PublishedOct 20
Latest updateMay 1

Description

PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDphpbb_group/phpbb2.0.10

🔴Vulnerability Details

1
GHSA
GHSA-8684-vqvg-qxwp: ** DISPUTED ** PHP remote file inclusion vulnerability in groupcp2022-05-01