Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 7.5
CVE Id CVE-2006-2865
Last Modified 05 Sep 2008 05:05:38
Published 06 Jun 2006 04:06:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2006-2865

Summary

** DISPUTED ** PHP remote file inclusion vulnerability in template.php in phpBB 2 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: followup posts have disputed this issue, stating that template.php does not appear in phpBB and does not use a $page variable. It is possible that this is a site-specific vulnerability, or an issue in a mod.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0

  • Phpbb Group Phpbb 2.0 Beta1

  • Phpbb Group Phpbb 2.0 Rc1

  • Phpbb Group Phpbb 2.0 Rc2

  • Phpbb Group Phpbb 2.0 Rc3

  • Phpbb Group Phpbb 2.0 Rc4

  • Phpbb Group Phpbb 2.0.1

  • Phpbb Group Phpbb 2.0.10

  • Phpbb Group Phpbb 2.0.11

  • Phpbb Group Phpbb 2.0.12

  • Phpbb Group Phpbb 2.0.13

  • Phpbb Group Phpbb 2.0.14

  • Phpbb Group Phpbb 2.0.15

  • Phpbb Group Phpbb 2.0.16

  • Phpbb Group Phpbb 2.0.17

  • Phpbb Group Phpbb 2.0.18

  • Phpbb Group Phpbb 2.0.19

  • Phpbb Group Phpbb 2.0.2

  • Phpbb Group Phpbb 2.0.20

  • Phpbb Group Phpbb 2.0.3

  • Phpbb Group Phpbb 2.0.4

  • Phpbb Group Phpbb 2.0.5

  • Phpbb Group Phpbb 2.0.6

  • Phpbb Group Phpbb 2.0.6c

  • Phpbb Group Phpbb 2.0.6d

  • Phpbb Group Phpbb 2.0.7

  • Phpbb Group Phpbb 2.0.7a

  • Phpbb Group Phpbb 2.0.8

  • Phpbb Group Phpbb 2.0.8a

  • Phpbb Group Phpbb 2.0.9


References

BID - 18255

BUGTRAQ - 20060606 Re: phpBB2 (template.php) Remote File Inclusion

BUGTRAQ - 20060603 phpBB2 (template.php) Remote File Inclusion

BUGTRAQ - 20060605 Re: phpBB2 (template.php) Remote File Inclusion

BUGTRAQ - 20060604 RE: phpBB2 (template.php) Remote File Inclusion


Last Updated: 27 May 2016 10:42:48