Intrusion Prevention

Foing.Module.phpBB2.foing_root_path.File.Inclusion

Description

Foing has multiple remote file-include vulnerabilities. A remote attacker could execute an arbitrary script on the web server, with the privileges of the server, via a specially-crafted URL request to multiple script files, using the 'foing_root_path' parameter to specify a malicious PHP file from a remote system.

Affected Products

Fully Modded phpBB version 2021.4.40 and prior

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://sourceforge.net/projects/phpbbfm/

CVE References

CVE-2006-5526