| VID |
21460 |
| Severity |
40 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The phpBB, according to its version number, has a PHP script injection vulnerability in the 'viewtopic.php'. phpBB is a open-source bulletin board software package, which uses MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB versions prior to 2.0.11 could allow a remote attacker to inject malicious PHP files, caused by a failure of the application to properly validate the user-supplied in the 'viewtopic.php' script. By sending a specially-crafted URL request to the 'viewtopic.php' script that uses the 'highlight' variable to specify a malicious file from a remote system, a remote attacker could cause the target server to include and execute arbitrary PHP code located on a remote server.
* Note: This check solely relied on the version number of the remote phpBB installed on the web server to assess this vulnerability, so this might be a false positive.
* References:
http://www.kb.cert.org/vuls/id/497400
http://securityfocus.com/archive/1/381510
http://securityfocus.com/archive/1/380993
http://securityfocus.com/archive/1/381582
http://securityfocus.com/archive/1/385208
http://isc.sans.org/diary.php?date=2004-12-21&isc=ae2a429f1b2ad1b23db10d5991563d14
http://packetstormsecurity.nl/exploits100.html
* Platforms Affected:
phpBB Group, phpBB versions prior to 2.0.11
Any operating system Any version |
| Recommendation |
Upgrade to the latest version of phpBB (2.0.11 or later), available from the phpBB Web site at http://www.phpbb.com/index.php
A temporary workaround is available at the following location:
http://www.phpbb.com/phpBB/viewtopic.php?t=240513 |
| Related URL |
CVE-2004-1315 (CVE) |
| Related URL |
10701 (SecurityFocus) |
| Related URL |
18052 (ISS) |
|
