Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Direct static code injection vulnerability in includes/template.php in phpBB allows remote authenticated users with write access to execute arbitrary PHP code by modifying a template in a way that (1) bypasses a loose ".*" regular expression to match BEGIN and END statements in overall_header.tpl, or (2) is used in an eval statement by includes/bbcode.php for bbcode.tpl.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
phpBB includes/template.php 静态代码注入漏洞
Vulnerability Description
phpBB中的includes/template.php存在直接静态代码注入漏洞。这使得具有写访问权限的远程认证用户可以通过修改模板执行任意PHP代码。修改方式包括:(1)绕过".*"正则表达式以匹配overall_header.tpl中的BEGIN和END语句;或(2)用在bbcode.tpl中的includes/bbcode.php中的eval语句中。
CVSS Information
N/A
Vulnerability Type
N/A