CVE-2004-1943

phpBB modified by Przemo 1.8 - Remote File Inclusion via album_portal.php phpbb_root_path Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2004-1943. PoCs published by Officerrr.

AI-analyzed exploit summary The provided text describes a file include vulnerability in phpBB, where an attacker can manipulate the 'phpbb_root_path' parameter to include a remote script. The example URL demonstrates how an attacker could exploit this to execute arbitrary code.

Description

PHP remote file inclusion vulnerability in album_portal.php in phpBB modified by Przemo 1.8 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Officerrr · textwebappsphp
https://www.exploit-db.com/exploits/24026

The provided text describes a file include vulnerability in phpBB, where an attacker can manipulate the 'phpbb_root_path' parameter to include a remote script. The example URL demonstrates how an attacker could exploit this to execute arbitrary code.

Classification
Writeup 80%
Attack Type
Rce
Complexity
Trivial
Reliability
Theoretical
Target: phpBB (version not specified)
No auth needed
Prerequisites: Vulnerable phpBB installation · Ability to craft a malicious URL with a remote script
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/15916
Patch, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/10177
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=108244738102532&w=2

Scores

EPSS 0.0256
EPSS Percentile 83.1%

Details

Status published
Products (18)
phpbb_group/phpbb 2.0.0
phpbb_group/phpbb 2.0.1
phpbb_group/phpbb 2.0.2
phpbb_group/phpbb 2.0.3
phpbb_group/phpbb 2.0.4
phpbb_group/phpbb 2.0.5
phpbb_group/phpbb 2.0.6
phpbb_group/phpbb 2.0.6c
phpbb_group/phpbb 2.0.6d
phpbb_group/phpbb 2.0.7
... and 8 more
Published Apr 19, 2004
Tracked Since Feb 18, 2026