Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: phpBB 2.x
A vulnerability has been reported in phpBB, which potentially can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "highlight" parameter in "viewtopic.php" is not properly sanitised before being used in a "preg_replace()" call. This may be exploited to inject arbitrary PHP code.
The vulnerability has been reported in version 2.0.15. Prior versions may also be affected.
Update to version 2.0.16.