phpBB Arbitrary File Disclosure Vulnerability

Posted on Wednesday, February 23, 2005 @ 15:37:02 CST in Security
by Raven

crypto writes:  
Security Alert: phpBB Group phpBB Arbitrary File Disclosure Vulnerability! The remote exploitation of an input validation vulnerability in the phpBB Group's phpBB2 bulletin board system allows attackers to read the contents of arbitrary system files under the privileges of the web server.

Exploitation of this vulnerability allows remote attackers to view arbitrary system files under the privileges of the underlying web server. An attacker must have, or be able to create, an account on the target system. Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation, an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible to the attacker.
More information:
  • idefense
  • phpbb.com
  • mitre.org

Note: Chatserv believes that these issues have been fixed in 2.0.12. I am posting this for awareness, though, in the event you haven't fixed yours yet :)

    Re: phpBB Arbitrary File Disclosure Vulnerability (Score: 1)
    by chatserv on Wednesday, February 23, 2005 @ 21:00:40 CST

    http://www.scriptheaven.net

    Having checked into it, yes, it has been addressed in phpBB 2.0.12

     