<<< Date Index >>>     <<< Thread Index >>>

AzzCoder => phpBB XS 0.58 Remote File Include



A important vulnerability into functions.php will allow a malicious user to 
insert a remote file.

The Vulnerable Code:

include_once( $phpbb_root_path . './includes/functions_categories_hierarchy.' . 
$phpEx );

(The phpbb_root_path isn't initialize and PHPBB_IN isn't checked)