Description
PHP remote file inclusion vulnerability in toplist.php in phpBB TopList 1.3.8 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by FOX_MULDER · perlwebappsphp
https://www.exploit-db.com/exploits/1724
References (6)
Scores
EPSS
0.1735
EPSS Percentile
95.1%
Details
Status
published
Products (1)
phpbb_group/phpbb_toplist
< 1.3.8
Published
May 03, 2006
Tracked Since
Feb 18, 2026