CVE-2006-1895

Published: Apr 20, 2006Modified: Apr 16, 2026

6.5

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability: 8.0 / Impact: 6.4

Source: NVD

Description

Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.

Affected (1)

Products: Phpbb Group: Phpbb

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpbb Group Phpbb	Version 2.0.9

References (8)

http://securityreason.com/securityalert/769

Source: cve@mitre.org

http://www.securityfocus.com/archive/1/431017/100/0/threaded

Source: cve@mitre.org

http://www.securityfocus.com/bid/17573

Source: cve@mitre.org

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25888

Source: cve@mitre.org

http://securityreason.com/securityalert/769

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/archive/1/431017/100/0/threaded

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/17573

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

https://exchange.xforce.ibmcloud.com/vulnerabilities/25888

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.