CVE-2007-1695

Published: 27 March 2007

** DISPUTED ** PHP remote file inclusion vulnerability in includes/usercp_register.php in phpBB 2.0.19 allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: this issue has been disputed by third-party researchers, stating that the file checks for a global constant and cannot be accessed directly.

Notes

Author	Note
fujitsu	Requires register globals.
mdeslaur	disputed, let's ignore

Priority

Status

Package	Release	Status
phpbb2 Launchpad, Ubuntu, Debian	dapper	Ignored (end of life)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Ignored (end of life, was needed)
	hardy	Ignored
	intrepid	Ignored
	jaunty	Does not exist
	karmic	Does not exist
	upstream	Needs triage

References

https://www.cve.org/CVERecord?id=CVE-2007-1695
NVD
Launchpad
Debian

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›