CVE-2006-5610

CRITICAL

Fully Modded phpBB 2021.4.40 - Remote Code Execution via phpbb_root_path Parameter

Title source: llm
STIX 2.1

Description

PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

References (1)

Core 1
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/22499

Scores

CVSS v3 9.8
EPSS 0.0131
EPSS Percentile 67.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact total

Details

CWE
CWE-94
Status published
Products (1)
fully_modded_phpbb/fully_modded_phpbb 2021.4.40
Published Oct 31, 2006
Tracked Since Feb 18, 2026