CVE-2002-1707 Information
Feb 14, 2021
cve
Description
install.php in phpBB 2.0 through 2.0.1 when \allow_url_fopen\ and \register_globals\ variables are set to \on\ allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
Reference
http://online.securityfocus.com/archive/1/277318
http://www.securityfocus.com/bid/5038
https://exchange.xforce.ibmcloud.com/vulnerabilities/9370
install.php
in
phpBB
2.0
through
2.0.1
when
\allow_url_fopen
and
\register_globals
variables
are
set
to
\on
allows
remote
attackers
to
execute
arbitrary
PHP
code
by
modifying
the
phpbb_root_dir
parameter
to
reference
a
URL
on
a
remote
web
server
that
contains
the
code.