PunBB language Paramater Local File Include Vulnerability

Summary
The remote web server contains a PHP script that is affected by a local file include issue. Description: The version of PunBB installed on the remote host fails to sanitize input to the 'language' parameter before storing it in the 'register.php' script as a user's preferred language setting. By registering with a specially-crafted value, an attacker can leverage this issue to view arbitrary files and possibly execute arbitrary code on the affected host.
Solution
Update to version 1.2.14 or later.
References