CVE-2006-5390

Published: Oct 18, 2006Modified: Apr 23, 2026

6.8

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 8.6 / Impact: 6.4

Source: NVD

Description

PHP remote file inclusion vulnerability in includes/functions_mod_user.php in the ACP User Registration (MMW) 1.00 module for phpBB allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter.

Affected (1)

Products: Phpbb: Acp User Registration Module

Phpbb

1 product

Acp User Registration Module

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Phpbb Acp User Registration Module	Version 1.00

Related CWEs

CWE-94

Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

References (12)

http://secunia.com/advisories/22436

Source: cve@mitre.org

PatchVendor Advisory

http://www.osvdb.org/29734

Source: cve@mitre.org

http://www.phpbb.com/phpBB/viewtopic.php?p=2504370#2504370

Source: cve@mitre.org

http://www.securityfocus.com/bid/20558

Source: cve@mitre.org

Patch

https://exchange.xforce.ibmcloud.com/vulnerabilities/29571

Source: cve@mitre.org

https://www.exploit-db.com/exploits/2551

Source: cve@mitre.org

http://secunia.com/advisories/22436