The remote host is missing an update to the system as announced in the referenced advisory.

Update your system with the appropriate patches or software upgrades. http://www.phpbb.com/support/documents.php?mode=changelog http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636 http://marc.theaimsgroup.com/?l=bugtraq&m=110029415208724 http://marc.theaimsgroup.com/?l=bugtraq&m=110079436714518 http://www.vuxml.org/freebsd/e3cf89f0-53da-11d9-92b7-ceadd4ac2edd.html

The following package is affected: phpbb CVE-2004-1315 viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.