| VID |
21316 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpBB installed on the Web server, according to its version number, has multiple SQL injection vulnerabilities.
The phpBB is a open-source bulletin board software package, which uses MySQL, MS-SQL, PostgreSQL or Access/ODBC database. One vulnerability exists in 'admin_board.php' script and the other exists in 'sessions.php' related to improper characters in the session id variable. These vulnerabilities are due to a failure of the application to properly sanitize user-supplied URI parameters before using them to construct SQL queries to be issued to the underlying database.
To successfully exploit this vulnerability, a remote attacker could use to gain administrative access on the affected system or to obtain the MD5 hash of the password of the affected system's user.
* Note: This check solely relied on the version of the remote phpBB installed on the web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=7814
http://www.osvdb.org/displayvuln.php?osvdb_id=7811
http://www.phpbb.com/support/documents.php?mode=changelog
* Platforms Affected:
The versions prior to phpBB 2.0.9
Linux Any version
Unix Any version
Windows Any version |
| Recommendation |
Upgrade to the latest version of phpBB (2.0.9 or later), available from http://www.phpbb.com/downloads.php |
| Related URL |
(CVE) |
| Related URL |
10722 (SecurityFocus) |
| Related URL |
(ISS) |
|
