VID |
21785 |
Severity |
40 |
Port |
80, ... |
Protocol |
TCP |
Class |
CGI |
Detailed Description |
A version of phpBB older than 2.0.18 was detected on the host. phpBB is an open-source bulletin board software package that uses a MySQL, MS-SQL, PostgreSQL or Access/ODBC database. phpBB 2.0.17 and earlier versions contain multiple remote vulnerabilities, which can be exploited by a remote attacker to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.
* Note: This check relies solely on the version number of the phpBB installation on the remote web server to assess this vulnerability, so the result might be a false positive.
* References: http://www.hardened-php.net/advisory_172005.75.html http://securitytracker.com/id?1015121 http://secunia.com/advisories/17366 http://marc.theaimsgroup.com/?l=bugtraq&m=113081113317600&w=2 http://archives.neohapsis.com/archives/fulldisclosure/2005-10/0637.html http://www.osvdb.org/20386 http://www.osvdb.org/20387 http://www.osvdb.org/20388 http://www.osvdb.org/20389 http://www.osvdb.org/20390 http://www.osvdb.org/20391 http://www.osvdb.org/20397
* Platforms Affected: phpBB Group, phpBB 2.0.17 and earlier versions; Any operating system, any version |
Recommendation |
Upgrade to the latest version of phpBB (2.0.18 or later), available from the phpBB Group Web site at http://www.phpbb.com/downloads.php |
Related URL |
CVE-2005-3415,CVE-2005-3416,CVE-2005-3417,CVE-2005-3418,CVE-2005-3419,CVE-2005-3420 (CVE) |
Related URL |
15243,15246 (SecurityFocus) |
Related URL |
22914 (ISS) |