Passing an absolute path to a file_exists check in phpBB prior to 3.2.4 allows Remote Code Execution through Object Injection by employing Phar deserialization when an attacker has access to the Admin Control Panel with founder permissions.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
phpbb phpbb |
||
debian debian linux 8.0 |