phpBB Multiple Module phpbb_root_path Parameter Remote File Inclusion

medium Nessus Plugin ID 21323

Synopsis

The remote web server contains a PHP application that is prone to remote file include attacks.

Description

The remote host contains a third-party module for phpBB.

The version of at least one such component or module installed on the remote host fails to sanitize input to the 'phpbb_root_path' parameter before using it to include PHP code. Provided PHP's 'register_globals' setting is enabled, an unauthenticated attacker may be able to exploit these flaws to view arbitrary files on the remote host or to execute arbitrary PHP code, possibly taken from third-party hosts.

Solution

Disable PHP's 'register_globals' setting or contact the product's author to see if an upgrade exists.

See Also

http://www.nessus.org/u?9640ab6a

https://seclists.org/bugtraq/2006/Oct/209

https://www.phpbb.com/community/viewtopic.php?p=2504370&highlight=#2504370

https://www.securityfocus.com/archive/1/452012/30/0/threaded

https://www.securityfocus.com/archive/1/479997/30/0/threaded

http://www.nessus.org/u?37fd2995

Plugin Details

Severity: Medium

ID: 21323

File Name: phpbb_auction_phpbb_root_path_file_include.nasl

Version: 1.42

Type: remote

Family: CGI abuses

Published: 5/4/2006

Updated: 4/11/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:phpbb_group:phpbb-auction

Required KB Items: www/phpBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 5/3/2006

Exploitable With

CANVAS (CANVAS)

Reference Information

CVE: CVE-2006-2245, CVE-2006-5301, CVE-2006-5306, CVE-2006-5390, CVE-2006-5418, CVE-2006-7090, CVE-2006-7100, CVE-2006-7147, CVE-2007-5009, CVE-2007-5100

BID: 17822, 20484, 20485, 20493, 20501, 20518, 20525, 20558, 20571, 21171, 25737, 25776

CWE: 94