| Field | Value |
|---|---|
| VID | 21399 |
| Severity | 40 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | The phpBB installed on the Web server has a remote PHP file include vulnerability in admin_cash.php. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB versions 2.0.10 and earlier could allow a remote attacker to include malicious PHP files hosted on a third-party server, caused by a vulnerability in the phpBB Cash_Mod module. If the allow_url_fopen and register_globals options are enabled in php.ini, a remote attacker could send a specially crafted URL request to the admin_cash.php script with a "phpbb_root_path" parameter that points to a PHP file on a remote system, causing the target server to include that file and execute it on the vulnerable Web server. |
| Reference | http://archives.neohapsis.com/archives/bugtraq/2004-11/0235.html |
| Reference | http://archives.neohapsis.com/archives/bugtraq/2004-11/0252.html |
| Reference | http://archives.neohapsis.com/archives/bugtraq/2004-11/0238.html |
| Reference | http://archives.neohapsis.com/archives/bugtraq/2004-11/0227.html |
| Platforms Affected | phpBB Group phpBB 2.0.10 and earlier; any operating system; any version |
| Recommendation | Upgrade to the latest version of phpBB (2.0.11 or later), available from the phpBB Web site at http://www.phpbb.com/index.php |
| Related URL | CVE-2004-1535 (CVE) |
| Related URL | 11701 (SecurityFocus) |
| Related URL | 18151 (ISS) |
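The following is an added illustration, not phpBB's own code nor the Cash_Mod source, of the include pattern this entry describes beside a hardened form, together with a small self-check for the php.ini directives the description names. The file paths (`includes/cash_functions.php`), the helper names (`is_safe_include_root`, `risky_ini_settings`) and the sample inputs are hypothetical and constructed for the example; the `IN_PHPBB` guard is the direct-access check that phpBB 2 scripts use.

```php
<?php
// Added example (not phpBB code). Shows why a request-controlled include base
// becomes a remote file include when register_globals and allow_url_fopen are
// on, and the defensive pattern that removes the problem.

// --- Weak pattern (hypothetical reconstruction, do not copy) -------------------
// With register_globals=On an unset $phpbb_root_path is populated from the
// request, and with allow_url_fopen=On include() fetches a URL. Nothing here
// sets the variable before it is used, so the request decides what is included.
//
//     include($phpbb_root_path . 'includes/cash_functions.php');

// --- Hardened pattern ----------------------------------------------------------
// The script defines its own include base before any include, so no request
// variable can influence it, and refuses to run unless loaded by the front end.
define('IN_PHPBB', true);
$phpbb_root_path = './../';   // fixed by the script itself, never by the request
// if (!defined('IN_PHPBB')) { die('Hacking attempt'); }   // guard used inside included files
// include($phpbb_root_path . 'includes/cash_functions.php');   // hypothetical path

// Accept only a plain relative directory path as an include base: no URL scheme
// (remote include), no NUL byte, no absolute path, segments of safe characters.
function is_safe_include_root(string $path): bool
{
    if ($path === '' || strpos($path, "\0") !== false) {
        return false;
    }
    // "./", "../" prefixes, then zero or more "name/" segments, nothing else.
    return preg_match('#\A(?:\.{1,2}/)*(?:[A-Za-z0-9_-]+/)*\z#', $path) === 1;
}

// Report which of the directives named in the advisory are enabled on this
// interpreter. ini_get() returns false for directives that no longer exist
// (register_globals was removed in PHP 5.4), so only a true value counts.
function risky_ini_settings(): array
{
    $risky = [];
    foreach (['allow_url_fopen', 'allow_url_include', 'register_globals'] as $name) {
        $value = ini_get($name);
        if ($value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN)) {
            $risky[] = $name;
        }
    }
    return $risky;
}

// Constructed sample inputs for the validator.
$samples = [
    './../'                      => true,   // the kind of value the script sets itself
    'includes/'                  => true,
    'http://example.invalid/'    => false,  // URL scheme: remote include attempt
    '/etc/'                      => false,  // absolute path
    "./../\0"                    => false,  // NUL byte
];
foreach ($samples as $input => $expected) {
    $ok = is_safe_include_root($input) === $expected ? 'ok' : 'MISMATCH';
    printf("%-28s -> %s (%s)\n", json_encode($input), var_export(is_safe_include_root($input), true), $ok);
}
printf("risky php.ini directives enabled: %s\n", implode(', ', risky_ini_settings()) ?: 'none');
```

Run with `php example.php`; on a current interpreter the validator results print as expected and `risky_ini_settings()` typically reports only `allow_url_fopen`, which is on by default but only becomes a file-include problem when an include path is built from request data. The lasting fix is the one the recommendation gives (upgrade), since the validator only limits damage if the script still builds include paths from a variable at all.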