| Field | Value |
|---|---|
| VID | 21504 |
| Severity | 30 |
| Port | 80, ... |
| Protocol | TCP |
| Class | CGI |
| Detailed Description | A version of phpBB older than or equal to 2.0.13 is running on the host. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB versions 2.0.13 and earlier could allow a remote attacker to bypass certain security restrictions. The vulnerability is caused by an error in "sessions.php", where the $userdata['user_level'] variable is not correctly reset after a failed autologin. This can be exploited to perform certain actions requiring administrative privileges (e.g. viewing the e-mail addresses of arbitrary users). |
| Note | This check relies solely on the version number of the phpBB installation on the remote web server to assess this vulnerability, so it may be a false positive. |
| References | http://www.securityfocus.com/archive/1/392481 http://secunia.com/advisories/14493/ |
| Platforms Affected | phpBB Group, phpBB versions 2.0.13 and earlier; any operating system, any version |
| Recommendation | No upgrade or patch available as of March 2005. Upgrade to a newer version of phpBB (later than 2.0.13) when a version that fixes this problem becomes available from the phpBB download page at http://www.phpbb.com/downloads.php |
| Related URL | (CVE) |
| Related URL | 12736 (SecurityFocus) |
| Related URL | 19638 (ISS) |