The vulnerability is reported in version 1.3.10 of the module, with the possibility that other versions may also be affected.
It is reported to be Highly Critical.
Input passed to the “phpbb_root_path” parameter in admin/modules_data.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.
A solution as of now is to edit the source code to ensure that the parameter is properly verified.
If your Windows XP denies to run due to an error corresponding to lost HAL.DLL, invalid Boot.ini or any other important system boot files you can fix this by using the XP installation CD. Just boot from your XP Setup CD and enter the Recovery Console. Then run \”attrib -H -R -S\” on the C:Boot.ini file and remove it. Run \”Bootcfg /Rebuild\” and then Fixboot
Hi Folks!
Just wanted to share my new experience.
If your Windows XP denies to run due to an error corresponding to lost HAL.DLL, invalid Boot.ini or any other important system boot files you can fix this by using the XP installation CD. Just boot from your XP Setup CD and enter the Recovery Console. Then run \”attrib -H -R -S\” on the C:Boot.ini file and remove it. Run \”Bootcfg /Rebuild\” and then Fixboot
Regards,
Carl