|
Description
|
|
A vulnerability has been identified in Autopost Bot Mod for phpBB, which could be exploited by remote attackers to compromise a vulnerable web server. This issue is caused by an input validation error in the "includes/functions_lastrss_autopost.php" script when processing the "phpbb_root_path" parameter, which could be exploited by remote attackers to include malicious PHP scripts and execute arbitrary commands with the privileges of the web server.
|
|
|
|
|
|
Vulnerable Products
|
|
Vulnerable Software:
Autopost Bot Mod for phpBB version 0.1.3 and prior
|
|
|
|
|
|
Solution
|
|
Upgrade to Autopost Bot Mod for phpBB version 0.1.4 :
http://phpbb3.smika.net/mods.php?project=2&lang=en
|
|
|
|
|
|
CVE
|
|
|
|
|
|
|
|
References
|
|
http://phpbb3.smika.net/viewtopic.php?f=56&p=2015
|
|
|
|
|
|
Vulnerability Manager Detection
|
|
No
|
|
|
|
|
|
IPS Protection
|
|
|
|
|
|
|
