CVE-2006-5610
CRITICALFully Modded phpBB 2021.4.40 - Remote Code Execution via phpbb_root_path Parameter
Title source: llmDescription
PHP remote file inclusion vulnerability in player/includes/common.php in Teake Nutma Foing, as modified in Fully Modded phpBB (phpbbfm) 2021.4.40, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.
References (1)
Core 1
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22499
Scores
CVSS v3
9.8
EPSS
0.0131
EPSS Percentile
67.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
yes
Technical Impact
total
Details
CWE
CWE-94
Status
published
Products (1)
fully_modded_phpbb/fully_modded_phpbb
2021.4.40
Published
Oct 31, 2006
Tracked Since
Feb 18, 2026