[Original text] Multiple PHP remote file inclusion vulnerabilities in Mail2Forum (module for phpBB) 1.2 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the m2f_root_path parameter to (1) m2f/m2f_phpbb204.php, (2) m2f/m2f_forum.php, (3) m2f/m2f_mailinglist.php or (4) m2f/m2f_cron.php.
Mail2Forum for phpBB m2f_phpbb204.php m2f_root_path Parameter Remote File Inclusion
Remote / Network Access
Loss of Integrity
Mail2Forum for phpBB contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to m2f_phpbb204.php not properly sanitizing user input supplied to the 'm2f_root_path' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
Currently, there are no known upgrades, patches, or workarounds available to correct this issue.
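
A detection check for the request pattern described above, as an added example that is not part of the original advisory or of Mail2Forum: it scans web server access log lines for requests to the four named scripts whose m2f_root_path value names a remote location. The function name, the log format (common/combined) and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Scripts the advisory names as accepting m2f_root_path.
AFFECTED_SCRIPTS = (
    "m2f/m2f_phpbb204.php",
    "m2f/m2f_forum.php",
    "m2f/m2f_mailinglist.php",
    "m2f/m2f_cron.php",
)
# Request line inside a common/combined log format entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A value that names a remote location: scheme://host or protocol-relative //host.
REMOTE_RE = re.compile(r"^\s*(?:[a-z][a-z0-9+.\-]*:)?//", re.IGNORECASE)

# Constructed sample log lines (192.0.2.x and example.test are documentation values).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2007:10:00:00 +0000] "GET /phpBB2/m2f/m2f_forum.php?m2f_root_path=http%3A%2F%2Fremote.example.test%2F HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2007:10:00:05 +0000] "GET /phpBB2/viewtopic.php?t=42 HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2007:10:00:09 +0000] "GET /phpBB2/m2f/m2f_cron.php HTTP/1.1" 200 128',
    '192.0.2.13 - - [01/Jan/2007:10:00:12 +0000] "GET /phpBB2/m2f/m2f_phpbb204.php?m2f_root_path=./ HTTP/1.1" 200 512',
]


def find_m2f_inclusion_attempts(log_lines):
    """Return (line_number, script, decoded_value) for each suspicious request."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        path = unquote(target.path).lower()
        script = next((s for s in AFFECTED_SCRIPTS if path.endswith("/" + s)), None)
        if script is None:
            continue
        # parse_qs percent-decodes parameter names and values once.
        for value in parse_qs(target.query).get("m2f_root_path", []):
            if REMOTE_RE.match(value):
                hits.append((number, script, value))
    return hits


if __name__ == "__main__":
    for hit in find_m2f_inclusion_attempts(SAMPLE_LOG):
        print(hit)
```

Values sent in a POST body do not appear in access logs, so this check covers query-string delivery only.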