VID 21556
Severity 30
Port 80, ...
Protocol TCP
Class CGI
Detailed Description The phpBB Photo Album software is vulnerable to multiple input validation vulnerabilities. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB Photo Album versions 2.0.53 and earlier are vulnerable to multiple input validation vulnerabilities, which remote attackers can exploit to conduct cross-site scripting and SQL injection attacks.

1) Input passed to the 'sid' parameter of the 'album_cat.php' script and the 'sid' parameter of the 'admin_comment.php' script is not properly sanitized before being returned to users. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of a vulnerable site.
2) Input passed to the 'mode' parameter in the 'album_search.php' script isn't properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
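
For sites that ran an affected version, the following added example (not part of the original advisory or of phpBB) reviews web server access logs for requests to the three scripts named above whose 'sid' or 'mode' value does not look like a normal one. It assumes that a legitimate phpBB 2 session ID is 32 lowercase hex characters and that legitimate 'mode' values are short alphanumeric tokens; the log lines, paths and the other parameter names are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate phpBB 2 session ID is 32 lowercase hex characters.
SID_OK = re.compile(r"[0-9a-f]{32}")
# Assumption: legitimate 'mode' values are short alphanumeric/underscore tokens.
MODE_OK = re.compile(r"[A-Za-z0-9_]{1,32}")

# Script name -> (parameter named in the advisory, pattern a benign value must match)
CHECKS = {
    "album_cat.php": ("sid", SID_OK),
    "admin_comment.php": ("sid", SID_OK),
    "album_search.php": ("mode", MODE_OK),
}

# Request line as it appears in common/combined access-log format.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def suspicious_requests(log_lines):
    """Return (line_number, script, parameter, decoded_value) for each flagged request."""
    hits = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        if script not in CHECKS:
            continue
        param, pattern = CHECKS[script]
        # parse_qs percent-decodes values; blank values are kept so they are checked too.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            if not pattern.fullmatch(value):
                hits.append((n, script, param, value))
    return hits


# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [14/Apr/2005:10:01:02 +0000] "GET /phpBB2/album_cat.php?cat_id=3&sid=0123456789abcdef0123456789abcdef HTTP/1.1" 200 5120',
    '192.0.2.44 - - [14/Apr/2005:10:03:17 +0000] "GET /phpBB2/album_cat.php?cat_id=3&sid=%22%3E%3Cb%3Ex HTTP/1.1" 200 5300',
    '192.0.2.44 - - [14/Apr/2005:10:04:50 +0000] "GET /phpBB2/album_search.php?mode=user%27&search=a HTTP/1.1" 200 812',
    '192.0.2.10 - - [14/Apr/2005:10:05:09 +0000] "GET /phpBB2/album_search.php?mode=user&search=cats HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Parameters sent in a POST body do not appear in an access log, so this review only covers values delivered in the query string.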

* References:
http://www.security.nnov.ru/Idocument334.html
http://zone-h.org/en/advisories/read/id=7429/

* Platforms Affected:
phpBB Group, phpBB photo album versions 2.0.53 and earlier
Any operating system Any version
Recommendation Upgrade to the latest version of phpBB photo album (2.0.54 or later), available from the phpBB Web site at http://www.phpbb.com/downloads.php
Related URL CVE-2005-1114 (CVE)
Related URL 13155 (SecurityFocus)
Related URL 20086 (ISS)