Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.

Threat-Mapped Scoring

Score: 0.0

Priority: Unclassified

EPSS

Score: 0.00365
Percentile: 0.57719

CVSS Scoring

Affected Products

• cpe:2.3:a:phpbb_group:phpbb:2.0.9:*:*:*:*:*:*:*

← Back to Home