Title 23/3/2002 phpBB2 Remote Execution Command (db.php) Summary phpBB is a high powered, fully scalable, and highly customizable forums package. phpBB has a user-friendly interface, simply and straight-forward administration panel, and helpful FAQ. A security vulnerability in the product allows attackers to cause it to execute arbitrary code by including an external file (by causing 'include' directive to URL reference a file instead of using the normal directory access). Details Vulnerable systems: phpBB2 version 2.0 RC3 and prior Immune systems: phpBB2 version 2.0 RC4 Exploit: