CVE-2007-1695

Publication date 27 March 2007

Last updated 4 August 2025

Ubuntu priority

Description

PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
phpbb2	9.10 karmic	Not in release
	9.04 jaunty	Not in release
	8.10 intrepid	Ignored
	8.04 LTS hardy	Ignored
	7.10 gutsy	Ignored end of life, was needed
	7.04 feisty	Ignored end of life, was needed
	6.10 edgy	Ignored end of life, was needed
	6.06 LTS dapper	Ignored end of life

How can I get the fixes?
What do statuses mean?

Notes

fujitsu

Requires register globals.

mdeslaur

disputed, let's ignore

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2007-1695