Description
PHP remote file inclusion vulnerability in auction\auction_common.php in Auction mod 1.3m for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by webDEViL · perlwebappsphp
https://www.exploit-db.com/exploits/1747
References (6)
Scores
EPSS
0.0947
EPSS Percentile
92.8%
Details
CWE
CWE-94
Status
published
Products (3)
phpbb_group/phpbb-auction
1.0m
phpbb_group/phpbb-auction
1.2m
phpbb_group/phpbb-auction
1.3m
Published
May 09, 2006
Tracked Since
Feb 18, 2026