VID 21269
Severity 40
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The phpBB installation on the Web server has a SQL injection vulnerability in the search.php script.
phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. This SQL injection vulnerability arises from insufficient handling of user-supplied input passed to the "search.php" script. By sending a search_id variable containing SQL queries to the "search.php" script, a remote attacker can manipulate the underlying database. As a result, an attacker could manipulate the SQL query the script performs and potentially extract information such as password hashes from the database.

* References:
http://www.securityfocus.com/archive/1/345872
http://www.securityfocus.com/archive/1/345946

* Platforms Affected:
phpBB version 2.0.6 and earlier
Linux Any version
Unix Any version
Windows Any version
Recommendation Upgrade to the newest version (2.0.6 or later) of phpBB, available from http://www.phpbb.com/downloads.php

As a workaround, you can obtain a temporary fix from the phpBB forums at http://www.phpbb.com/phpBB/viewtopic.php?t=153818
Related URL CVE-2003-1216 (CVE)
Related URL 9122 (SecurityFocus)
Related URL 13867 (ISS)
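
An added detection example, not part of the original advisory or of phpBB's own code: it scans web server access logs for search.php requests whose search_id is neither a plain integer nor a known keyword value. The combined log format, the keyword allow-list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: keyword values that normal phpBB search links carry in
# search_id besides numeric ids. Adjust to what your board really emits.
ALLOWED_KEYWORDS = {"newposts", "egosearch", "unanswered"}

# Request field of a common/combined access log line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_ID_RE = re.compile(r"[0-9]{1,10}")


def suspicious_search_ids(log_lines):
    """Return (line_number, decoded_value) for each search.php request whose
    search_id is not a plain integer or an allowed keyword.

    Only the query string is inspected; a search_id sent in a POST body
    does not appear in access logs and is not covered here.
    """
    hits = []
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/search.php"):
            continue
        # parse_qs percent-decodes values, so encoded input is compared decoded.
        for value in parse_qs(url.query).get("search_id", []):
            if NUMERIC_ID_RE.fullmatch(value) or value in ALLOWED_KEYWORDS:
                continue
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2003:10:00:01 +0000] "GET /phpBB2/search.php?search_id=newposts HTTP/1.1" 200 5120',
    '192.0.2.10 - - [01/Dec/2003:10:00:05 +0000] "GET /phpBB2/search.php?search_id=48213&start=25 HTTP/1.1" 200 7342',
    '198.51.100.7 - - [01/Dec/2003:10:02:11 +0000] "GET /phpBB2/search.php?search_id=1%20OR%201%3D1 HTTP/1.0" 200 912',
    '198.51.100.7 - - [01/Dec/2003:10:02:15 +0000] "GET /phpBB2/viewtopic.php?t=5 HTTP/1.0" 200 1000',
]

if __name__ == "__main__":
    for number, value in suspicious_search_ids(SAMPLE_LOG):
        print(f"line {number}: unexpected search_id {value!r}")
```

A hit is a lead for review rather than proof of compromise; correlate it with the source address's other requests and with the installed phpBB version.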