CVE-2004-1535 | Vulnerability Database | Aqua Security

PHP remote file inclusion vulnerability in admin_cash.php for the Cash Mod module for phpBB allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_path parameter to reference a URL on a remote web server that contains the code.

Affected Software

Name	Vendor	Start Version	End Version
Phpbb	Phpbb_group	2.0.0 (including)	2.0.0 (including)
Phpbb	Phpbb_group	2.0.1 (including)	2.0.1 (including)
Phpbb	Phpbb_group	2.0.2 (including)	2.0.2 (including)
Phpbb	Phpbb_group	2.0.3 (including)	2.0.3 (including)
Phpbb	Phpbb_group	2.0.4 (including)	2.0.4 (including)
Phpbb	Phpbb_group	2.0.5 (including)	2.0.5 (including)
Phpbb	Phpbb_group	2.0.6 (including)	2.0.6 (including)
Phpbb	Phpbb_group	2.0.7 (including)	2.0.7 (including)
Phpbb	Phpbb_group	2.0.8 (including)	2.0.8 (including)
Phpbb	Phpbb_group	2.0.9 (including)	2.0.9 (including)
Phpbb	Phpbb_group	2.0.10 (including)	2.0.10 (including)
Phpbb	Phpbb_group	rc1 (including)	rc1 (including)
Phpbb	Phpbb_group	rc1_pre (including)	rc1_pre (including)
Phpbb	Phpbb_group	rc2 (including)	rc2 (including)
Phpbb	Phpbb_group	rc3 (including)	rc3 (including)
Phpbb	Phpbb_group	rc4 (including)	rc4 (including)

References

http://marc.info/?l=bugtraq\u0026m=110075903308817\u0026w=2
http://marc.info/?l=bugtraq\u0026m=110082153702843\u0026w=2
https://exchange.xforce.ibmcloud.com/vulnerabilities/18151

NVD	https://nvd.nist.gov/vuln/detail/CVE-2004-1535
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html