Vulnerability Description
PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter. NOTE: this might be the same issues as CVE-2006-4893.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpbb | Maluinfo | 206.2.38 |
References
- http://securityreason.com/securityalert/2380
- http://www.securityfocus.com/archive/1/448639/100/0/threaded
- http://www.securityfocus.com/bid/20507
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29516
- http://securityreason.com/securityalert/2380
- http://www.securityfocus.com/archive/1/448639/100/0/threaded
- http://www.securityfocus.com/bid/20507
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29516
FAQ
What is CVE-2006-7148?
CVE-2006-7148 is a vulnerability with a CVSS score of 10.0 (HIGH). PHP remote file inclusion vulnerability in includes/bb_usage_stats.php in maluinfo 206.2.38 for Brazilian PHPBB allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter....
How severe is CVE-2006-7148?
CVE-2006-7148 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2006-7148?
Check the references section above for vendor advisories and patch information. Affected products include: Phpbb Maluinfo.