PHPBB Admin_Styles.PHP Theme_Info.CFG File Include Vulnerability

info
discussion
exploit
solution
references

PHPBB Admin_Styles.PHP Theme_Info.CFG File Include Vulnerability

It has been reported that phpBB may permit an attacker to influence the include path of 'theme_info.cfg'. This could reportedly allow an attacker to include a malicious or sensitive local file. Information disclosure or execution of arbitrary commands could be the result.