install.php in phpBB 2.0 up to and including 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote malicious users to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb group phpbb 2.0.0 |
||
phpbb group phpbb 2.0.1 |
||
phpbb group phpbb 2.0_rc3 |
||
phpbb group phpbb 2.0_rc4 |
||
phpbb group phpbb 2.0_rc1 |
||
phpbb group phpbb 2.0_rc2 |