ISS X-Force Database: blendportal-phpbb-file-include(26890): Blend Portal Module for phpBB "phpbb_root

Blend Portal Module for phpBB "phpbb_root_path" file include

blendportal-phpbb-file-include (26890)

Medium Risk

Description:

The Blend Portal Module for phpBB could allow a remote attacker to include arbitrary files. If register_globals and url_fopen is enabled, a remote attacker could send a specially-crafted URL request to blend_data/blend_common.php script using the 'phpbb_root_path' parameter to specify an arbitrary file from the local or a remote system, which would allow the attacker to view arbitrary files or execute arbitrary code on the vulnerable system.

Consequences:

Gain Access

Remedy:

Refer to the phpBB-TweakS Forum posting dated Mon May 29, 2006 6:12 am for patch information. See References.

References:

BugTraq Mailing List, Mon May 29 2006 - 07:52:22 CDT : RE: Advisory: Blend Portal <= 1.2.0 for phpBB 2.x(blend_data/blend_common.php) File Inclusion Vulnerability.
BugTraq Mailing List, Sun May 28 2006 - 12:46:39 CDT : Advisory: Blend Portal <= 1.2.0 for phpBB 2.x (blend_data/blend_common.php) File Inclusion Vulnerability.
phpBB-TweakS Forum, Mon May 29, 2006 6:12 am: Post subject: Possible Trojan.
BID-18153: Blend Portal Blend_common.PHP Remote File Include Vulnerability
CVE-2006-2736: PHP remote file inclusion vulnerability in blend_data/blend_common.php in Blend Portal 1.2.0, as used with phpBB when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: This is a similar vulnerability to CVE-2006-2507.
SA20350: phpBB Blend Portal System Module "phpbb_root_path" File Inclusion
VUPEN/ADV-2006-2044: Blend Portal System for phpBB phpbb_root_path File Inclusion Vulnerability

Platforms Affected:

phpBB Project Blend Portal Module for phpBB 1.2.0

Reported:

May 28, 2006

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

For corrections or additions please email xforce@iss.net

Return to the main page