VID 210027
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description phpBB versions prior to 2.0.22 are affected by multiple vulnerabilities. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. A remote attacker could exploit these issues to potentially redirect traffic, perform cross-site scripting attacks, and gain unauthorized access.

* References:
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
http://www.securityfocus.com/archive/1/archive/1/445788/100/0/threaded
http://www.securityfocus.com/archive/1/archive/1/453774/100/0/threaded
http://www.security.nnov.ru/Odocument221.html
http://secunia.com/advisories/22188
http://secunia.com/advisories/23283

* Platforms Affected:
phpBB Group, phpBB versions prior to 2.0.22
Any operating system Any version
Recommendation Upgrade to the latest version of phpBB (2.0.22 or later), available from the phpBB Web site at http://www.phpbb.com/downloads.php
Related URL CVE-2006-4758,CVE-2006-6421,CVE-2006-6839,CVE-2006-6840,CVE-2006-6841 (CVE)
Related URL 20347,21806 (SecurityFocus)
Related URL 28884,30776,31390 (ISS)