Vulnerabilities > CVE-2006-2134 - Remote File Include vulnerability in phpBB Knowledge Base Mod KB_constants.PHP

CVSS 5.1 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

high complexity

phpbb-group

exploit available

NVD

Published: 2006-05-02

Updated: 2017-10-19

Summary

PHP remote file inclusion vulnerability in /includes/kb_constants.php in Knowledge Base Mod for PHPbb 2.0.2 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the module_root_path parameter. Successful exploitation requires that "register_globals" is enabled.

Vulnerable Configurations

Part	Description	Count
Application	Phpbb_Group Phpbb Group Phpbb 1.0.0 Phpbb Group Phpbb 1.0.1 Phpbb Group Phpbb 1.2.0 Phpbb Group Phpbb 1.2.1 Phpbb Group Phpbb 1.4.0 Phpbb Group Phpbb 1.4.1 Phpbb Group Phpbb 1.4.2 Phpbb Group Phpbb 1.4.4 Phpbb Group Phpbb 2.0.0 Phpbb Group Phpbb 2.0.1 Phpbb Group Phpbb * Phpbb Group Phpbb 2.0_Beta1 Phpbb Group Phpbb 2.0_Rc1 Phpbb Group Phpbb 2.0_Rc2 Phpbb Group Phpbb 2.0_Rc3 Phpbb Group Phpbb 2.0_Rc4	16

Exploit-Db

description	Knowledge Base Mod <= 2.0.2 (phpBB) Remote Inclusion Vulnerability. CVE-2006-2134. Webapps exploit for php platform
file	exploits/php/webapps/1728.txt
id	EDB-ID:1728
last seen	2016-01-31
modified	2006-04-29
platform	php
port
published	2006-04-29
reporter	[Oo]
source	https://www.exploit-db.com/download/1728/
title	Knowledge Base Mod <= 2.0.2 phpBB Remote Inclusion Vulnerability
type	webapps

Summary

Vulnerable Configurations

Exploit-Db

References