phpBB includes/template.php Template File Modification Arbitrary PHP Code Execution

ID OSVDB:25259
Type osvdb
Reporter OSVDB
Modified 2006-04-14T00:47:39


Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability. It is common for phpBB administrators to be restricted from the privileges required to execute arbitrary PHP code.


Vendor URL: Related OSVDB ID: 31370 Mail List Post: CVE-2006-1895 Bugtraq ID: 17573