CVE-2006-2152

phpBB Advanced Guestbook <2.4.0 - RCE

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in admin/addentry.php in phpBB Advanced Guestbook 2.4.0 and earlier, when register_globals is enabled, allows remote attackers to include arbitrary files via the phpbb_root_path parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by n0m3rcy · perlwebappsphp
https://www.exploit-db.com/exploits/1725
exploitdb WORKING POC VERIFIED
by [Oo] · textwebappsphp
https://www.exploit-db.com/exploits/1723

References (6)

Scores

EPSS 0.1210
EPSS Percentile 93.8%

Details

Status published
Products (1)
phpbb_group/phpbb_advanced_guestbook < 2.4.0
Published May 03, 2006
Tracked Since Feb 18, 2026