[Original text] install.php in phpBB 2.0 through 2.0.1, when the "allow_url_fopen" and "register_globals" variables are set to "on", allows remote attackers to execute arbitrary PHP code by modifying the phpbb_root_dir parameter to reference a URL on a remote web server that contains the code.
Reportedly, exploitation of this type of vulnerability is not possible unless both 'allow_url_fopen' and 'register_globals' are enabled in the local site PHP configuration. It is good practice to disable any unneeded options. The installation document distributed with phpBB instructs users to delete 'install.php', 'upgrade.php' and 'update_to_FINAL.php' files.
phpBB contains a flaw that allows a remote attacker to call an arbitrary external file. The issue is due to the "install.php" script not properly validating the "phpbb_root_dir" variable. If an attacker specifies a malicious external file, its contents will be processed by phpBB, allowing the execution of arbitrary commands.
Upgrade to version 2.0.7 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: set the "allow_url_fopen" and "register_globals" variables to "off".
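As an added, defender-side example (not code from phpBB or from this entry's source), the following Python check verifies the two mitigations the entry names: that both php.ini directives are explicitly Off, and that the installation files the phpBB documentation says to delete are gone from the forum root. The php.ini fragment and the file list are constructed sample input; on a live server you would pass the contents of php.ini and `os.listdir()` of the phpBB root instead.

```python
# Directives the advisory says must both be "on" for the flaw to be exploitable
RISKY_DIRECTIVES = ("allow_url_fopen", "register_globals")
# Files the phpBB installation document tells administrators to delete
INSTALL_FILES = ("install.php", "upgrade.php", "update_to_FINAL.php")


def parse_php_ini(text):
    """Return {directive: value} from php.ini text, ignoring ';' comments and [sections]."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("[") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip().lower()] = value.strip().strip('"').lower()
    return settings


def ini_enabled(value):
    """php.ini treats On, 1, True and Yes as truthy for boolean directives."""
    return value in ("on", "1", "true", "yes")


def audit(ini_text, root_files):
    """Return a list of findings; an empty list means both mitigations are in place."""
    settings = parse_php_ini(ini_text)
    findings = []
    enabled = [d for d in RISKY_DIRECTIVES if ini_enabled(settings.get(d, ""))]
    if len(enabled) == len(RISKY_DIRECTIVES):
        findings.append("allow_url_fopen and register_globals are both on: "
                        "the preconditions for the install.php flaw are met")
    elif enabled:
        findings.append(f"{enabled[0]} is on; not sufficient alone, but disable it if unneeded")
    for d in RISKY_DIRECTIVES:
        if d not in settings:
            # Defaults differ between PHP versions, so require an explicit Off
            findings.append(f"{d} is not set explicitly; set it to Off")
    for name in INSTALL_FILES:
        if name in root_files:
            findings.append(f"leftover {name} in the phpBB root; delete it")
    return findings


if __name__ == "__main__":
    # Constructed sample input, not taken from a real server
    weak_ini = "[PHP]\nallow_url_fopen = On ; example only\nregister_globals = On\n"
    for finding in audit(weak_ini, {"index.php", "install.php"}):
        print("FINDING:", finding)
```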