Intrusion Prevention

Foing.Module.phpBB.phpbb_root_path.File.Inclusion

Description

Foing has multiple remote file-include vulnerabilities. A remote attacker could execute arbitrary script code on the web server, with the privileges of the server, via a specially crafted URL request to the index.php, song.php, faz.php, list.php, gen_m3u.php or playlist.php script, by using the 'phpbb_root_path' parameter to specify a malicious PHP file from a remote system.

Affected Products

Foing (module for phpBB) version 0.7.0 and prior

Impact

Gain Access

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.
http://foing.sourceforge.net/

CVE References

CVE-2006-2507