← back
CVE-2006-2828

CVE-2006-2828

EPSS 2.5%
Global variable overwrite vulnerability in PHP-Nuke allows remote attackers to conduct remote PHP file inclusion attacks via a modified phpbb_root_path parameter to the admin scripts (1) index.php, (2) admin_ug_auth.php, (3) admin_board.php, (4) admin_disallow.php, (5) admin_forumauth.php, (6) admin_groups.php, (7) admin_ranks.php, (8) admin_styles.php, (9) admin_user_ban.php, (10) admin_words.php, (11) admin_avatar.php, (12) admin_db_utilities.php, (13) admin_forum_prune.php, (14) admin_forums.php, (15) admin_mass_email.php, (16) admin_smilies.php, (17) admin_ug_auth.php, and (18) admin_users.php, which overwrites $phpbb_root_path when the import_request_variables function is executed after $phpbb_root_path has been initialized to a static value.
Affected products
n/a · n/a
public PoCs found1
exploitdbwww.exploit-db.com/exploits/1866unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://securityreason.com/securityalert/1040https://exchange.xforce.ibmcloud.com/vulnerabilities/27368http://www.securityfocus.com/archive/1/435407/100/0/threadedhttp://www.securityfocus.com/archive/1/435611/100/0/threadedhttp://www.securityfocus.com/archive/1/435705/100/0/threaded