** DISPUTED ** Multiple PHP remote file inclusion vulnerabilities in the 123 Flash Chat Module for php BB allow remote attackers to execute arbitrary PHP code via a URL in the phpbb_root_path parameter to (1) 123and (2) phpbb_login_
NOTE: CVE disputes this issue because $phpbb_root_path is explicitly set to "./" in both programs.
Visit and download the latest version of the forum Unzip the file and you will find a folder named “phpbb”.
Now you need to decide whether you want your URL to look like or yourdomain.com/Name Of The Folder/ If you want it to look like the first one you need to upload only the content of the “phpbb” folder.
I usually rename it to "forum" so I get yourdomain.com/forum/ as the URL of it. If you don’t know how to upload the files to your server visit the Hosting and FTP applications FAQ and read how an FTP application works. At first you get to this page Click on install and you will be shown the requirements of the installation Hit "Proceed to next step" to continue You will see an installation compatibility test.
Please ensure you read that document in addition to this!