CVE-2006-2152 - Remote File Include vulnerability in Advanced GuestBook Addentry.PHP

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, phpbb-group, nessus, exploit available

Summary

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

Vulnerable Configurations

Part         Description   Count
Application  Phpbb_Group   1

Exploit-Db

  • description: Advanced GuestBook <= 2.4.0 (phpBB) File Inclusion Vulnerability. CVE-2006-2152. Webapps exploit for php platform
    file: exploits/php/webapps/1723.txt
    id: EDB-ID:1723
    last seen: 2016-01-31
    modified: 2006-04-28
    platform: php
    port:
    published: 2006-04-28
    reporter: [Oo]
    source: https://www.exploit-db.com/download/1723/
    title: Advanced GuestBook <= 2.4.0 - phpBB File Inclusion Vulnerability
    type: webapps
  • id: EDB-ID:1725

Nessus

NASL family: CGI abuses
NASL id: ADVANCED_GUESTBOOK_PHPBB_ROOT_PATH_FILE_INCLUDE.NASL
description: The remote host is running Advanced Guestbook, a free guestbook written in PHP. The version of Advanced Guestbook installed on the remote host fails to sanitize input to the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 21302
published: 2006-05-03
reporter: This script is Copyright (C) 2006-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/21302
title: phpBB Advanced GuestBook addentry.php phpbb_root_path Parameter Remote File Inclusion