Unrated severityNVD Advisory· Published Oct 20, 2006· Updated Jun 16, 2026

CVE-2006-5435

Description

PHP remote file inclusion vulnerability in groupcp.php in phpBB 2.0.10 and earlier allows remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter. NOTE: CVE and the vendor dispute this vulnerability because $phpbb_root_path is defined before use

Affected products

PhpBB/phpBB2 versions
cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:phpbb_group:phpbb:*:*:*:*:*:*:*:*range: <=2.0.10
- (no CPE)range: <=2.0.10

Patches

Vulnerability mechanics

References

www.securityfocus.com/archive/1/449114/100/0/threadednvd
www.securityfocus.com/archive/1/449232/100/0/threadednvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000