VID 21483
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description A version of phpBB older than 2.0.12 is running on the host. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB versions prior to 2.0.12 could allow a remote attacker to view and delete sensitive information as follows:

1) An input validation error in the upload handling of avatars can be exploited to disclose arbitrary files by simultaneously requesting to upload an avatar from both a local and a remote source, and specifying a local path in the "Upload Avatar from a URL:" field. Successful exploitation requires that "Enable remote avatars" and "Enable avatar uploading" are enabled (not default settings).
2) Input validation errors in "usercp_avatar.php" and "usercp_register.php" can in combination be exploited to delete arbitrary files via directory traversal attacks. Successful exploitation requires that "Enable gallery avatars" is enabled (not a default setting).
3) Some issues disclosing the full path to certain scripts have also been reported.

* Note: This check relies solely on the version number of the remote phpBB installation on the web server to assess this vulnerability, so the result might be a false positive.

* References:
http://www.phpbb.com/phpBB/viewtopic.php?t=265423
http://secunia.com/advisories/14362/
http://www.securitytracker.com/alerts/2005/Feb/1013262.html
http://www.kb.cert.org/vuls/id/774686
http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities

* Platforms Affected:
phpBB Group, phpBB versions prior to 2.0.12
Any operating system Any version
Recommendation Upgrade to the latest version of phpBB (2.0.12 or later), available from the phpBB Download Web page at http://www.phpbb.com/downloads.php
Related URL CVE-2005-0258,CVE-2005-0259 (CVE)
Related URL 12618,12621,12623 (SecurityFocus)
Related URL 19425,19439 (ISS)