Intrusion Prevention



Foing has multiple remote file-include vulnerabilities. A remote attacker could execute arbitrary script code on the web server, with the privileges of the server, via a specially crafted URL request to the index.php, song.php, faz.php, list.php, gen_m3u.php or playlist.php script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

Affected Products

Foing (module for phpBB) version 0.7.0 and prior


Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References