Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 6.5
CVE Id: CVE-2006-1895
Last Modified: 05 Sep 2008 05:03:07
Published: 20 Apr 2006 06:02:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2006-1895

Summary

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.

Vulnerable Systems

Application

  • phpBB Group phpBB 2.0.9


References

BID - 17573

BUGTRAQ - 20060414 phpBB template file code execution

XF - phpbb-template-code-execution(25888)

SREASON - 769


Last Updated: 27 May 2016 10:42:15