Unrated severityNVD Advisory· Published Dec 31, 2002· Updated Jun 16, 2026

CVE-2002-1707

Description

install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.

Affected products

PhpBB/phpBB7 versions
cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*+ 6 more
- cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc1:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc2:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc3:*:*:*:*:*:*:*
- cpe:2.3:a:phpbb_group:phpbb:2.0_rc4:*:*:*:*:*:*:*
- (no CPE)range: >=2.0, <=2.0.1

Patches

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

online.securityfocus.com/archive/1/277318nvd
www.securityfocus.com/bid/5038nvd
exchange.xforce.ibmcloud.com/vulnerabilities/9370nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000