phpBB includes/template.php Template File Modification Arbitrary PHP Code Execution

2006-04-14T00:47:39
ID OSVDB:25259
Type osvdb
Reporter OSVDB
Modified 2006-04-14T00:47:39

Description

Technical Description

An attacker must supply valid administrator authentication credentials in order to exploit this vulnerability. It is common for phpBB administrators to be restricted from the privileges required to execute arbitrary PHP code.

References:

Vendor URL: http://www.phpbb.com/ Related OSVDB ID: 31370 Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-04/0284.html CVE-2006-1895 Bugtraq ID: 17573