phpBB: PHP code inclusion attempt using a vulnerable module


Description   A PHP code inclusion vulnerability has been found in multiple phpBB modules, such as TopList, Advanced Guestbook and Knowledge Base. An attacker could use a specially crafted phpbb_root_path parameter to execute arbitrary PHP code on the server.
     
Default configuration

Profiles      High    Medium  Low     Internet
Action        Block   Block   Block   Block
Alarm Level   Major   Minor   Minor   Major
     
References   URL: http://www.frsirt.com/english/advisories/2006/1585
URL: http://www.frsirt.com/english/advisories/2006/1600
     
Available since   ASQ v3.2.0
     
Protects   IntegraMOD Nederland(s) "phpbb_root_path" PHP File Inclusion Vulnerability
phpBB2 Plus "phpbb_root_path" Remote PHP File Inclusion Vulnerabilities
SupaNav Module for phpBB "phpbb_root_path" Remote File Inclusion Vulnerability
FlashBB "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerability
Categories hierarchy for phpBB "phpbb_root_path" Remote File Inclusion Vulnerability
phpBB++ "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerability
Phpbb Tweaked "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
Hailboards "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
Omegaboard "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
Cerulean Portal System "phpbb_root_path" Parameter Remote File Inclusion Vulnerability
phpBB2-MODificat "phpbb_root_path" Parameter Remote File Inclusion Vulnerability
EclipseBB "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerability
Virtual Path for phpBB "phpbb_root_path" Parameter Remote File Inclusion Vulnerability
Xero Portal "phpbb_root_path" Parameter Multiple Remote File Inclusion Vulnerabilities
PhpbbXtra "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerability
Spider Friendly Module for phpBB "phpbb_root_path" File Inclusion Vulnerability
News Defilante Horizontale for phpBB "phpbb_root_path" File Inclusion Vulnerability
Lat2cyr for phpBB "phpbb_root_path" Parameter Remote File Inclusion Vulnerability
French Language Pack for phpBB Prillian "phpbb_root_path" File Inclusion Issue
SpamOborona for phpBB "phpbb_root_path" Parameter File Inclusion Vulnerability
phpBB PlusXL "phpbb_root_path" Parameter Remote File Inclusion Vulnerability
phpBB Archive for Search Engines "phpbb_root_path" File Inclusion Vulnerability
Journals System "phpbb_root_path" Variable Remote File Inclusion Vulnerabilities
SpamBlockerMod for phpBB "phpbb_root_path" Remote File Inclusion Vulnerability
User Viewed Posts Tracker for phpBB "phpbb_root_path" File Inclusion Vulnerability
Security Suite IP Logger for phpBB "phpbb_root_path" File Inclusion Vulnerability
Dimension of phpBB "phpbb_root_path" Remote PHP File Inclusion Vulnerabilities
Nivisec Static Topics phpBB Module "phpbb_root_path" File Inclusion Vulnerability
BBaCE "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
Minerva "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
phpBB XS "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
IM Portal "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
PNphpBB "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
phpBB XS "phpbb_root_path" Parameter Remote PHP File Inclusion Vulnerability
Vitrax Premodded "phpbb_root_path" Variable Remote File Inclusion Vulnerability
phpBB XS "phpbb_root_path" Parameter Handling PHP File Inclusion Vulnerability
phpBB Premod Shadow "phpbb_root_path" Parameter File Inclusion Vulnerability
VistaBB "phpbb_root_path" Parameter Handling Remote File Inclusion Vulnerabilities
ZoneX Publishers Gold Edition "phpbb_root_path" Parameter File Inclusion Vulnerability
phpBB Module for Mambo "phpbb_root_path" Parameter File Inclusion Vulnerabilities
Minerva "phpbb_root_path" Variable Handling Remote File Inclusion Vulnerability
Activity Mod Plus for phpBB "phpbb_root_path" Variable File Inclusion Vulnerability
Blend Portal System for phpBB "phpbb_root_path" File Inclusion Vulnerability
foing Module for phpBB "phpbb_root_path" Parameter File Inclusion Vulnerability
phpRaid "phpbb_root_path" Parameter Handling File Inclusion Vulnerability
phpbb-Auction Module for phpBB "phpbb_root_path" File Inclusion Vulnerability
TopList "phpbb_root_path" Variable Handling Remote File Inclusion Vulnerability
Advanced GuestBook "phpbb_root_path" Parameter File Inclusion Vulnerability
Last 100 CVEs   CVE-2007-5140
CVE-2007-5100
CVE-2007-5009
CVE-2007-3935
CVE-2007-3697
CVE-2007-0809
CVE-2007-0762
CVE-2007-0684
CVE-2007-0683
CVE-2007-0680
CVE-2007-0662
CVE-2007-0656
CVE-2007-0591
CVE-2007-0581
CVE-2007-0561
CVE-2006-6789
CVE-2006-5665
CVE-2006-5418
CVE-2006-5415
CVE-2006-5387
CVE-2006-5385
CVE-2006-5326
CVE-2006-5309
CVE-2006-5306
CVE-2006-5305
CVE-2006-5301
CVE-2006-5235
CVE-2006-5224
CVE-2006-5223
CVE-2006-5222
CVE-2006-5191
CVE-2006-5187
CVE-2006-5094
CVE-2006-5083
CVE-2006-5077
CVE-2006-4968
CVE-2006-4893
CVE-2006-4780
CVE-2006-4779
CVE-2006-4664
CVE-2006-4365
CVE-2006-4036
CVE-2006-3028
CVE-2006-2736
CVE-2006-2735
CVE-2006-2507
CVE-2006-2245
CVE-2006-2152
CVE-2006-2151


 
 
 
 
Risk level   Moderate