Release Date: 2005-06-28
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Vendor Patch
Software: phpBB 2.x
http://secunia.com/advisories/15845/
Description:
A vulnerability has been reported in phpBB, which potentially can be exploited by malicious people to compromise a vulnerable system.
Input passed to the "highlight" parameter in "viewtopic.php" is not properly sanitised before being used in a "preg_replace()" call. This may be exploited to inject arbitrary PHP code.
The vulnerability has been reported in version 2.0.15. Prior versions may also be affected.
Solution:
Update to version 2.0.16.
http://www.phpbb.com/downloads.php
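Added example, not part of the advisory and not phpBB's code: one way to handle a search-highlight parameter so that it only ever reaches the regex engine as quoted literal data and never as a pattern or as evaluated replacement text. The function name, the word limit and the `<b class="hl">` markup are assumptions made for the illustration.

```php
<?php
// Added illustration; highlight_terms() and its parameters are hypothetical
// names, not taken from phpBB.

/**
 * Wrap occurrences of user-supplied search words in <b class="hl"> tags.
 * $postText is plain, unescaped text; $rawHighlight is the untrusted
 * request value (the role the "highlight" parameter plays in the advisory).
 */
function highlight_terms(string $postText, string $rawHighlight, int $maxWords = 10): string
{
    // Split the untrusted value into words and cap how many are honoured.
    $words = preg_split('/\s+/', trim($rawHighlight), -1, PREG_SPLIT_NO_EMPTY);
    $words = array_slice($words ?: [], 0, $maxWords);
    if ($words === []) {
        return htmlspecialchars($postText, ENT_QUOTES, 'UTF-8');
    }

    // preg_quote() neutralises every regex metacharacter and the delimiter,
    // so each word can only match itself literally.
    $quoted = array_map(
        static fn(string $w): string => preg_quote($w, '/'),
        $words
    );
    $pattern = '/(' . implode('|', $quoted) . ')/iu';

    // Split instead of replace: no replacement string is ever built from
    // user input. Odd indexes hold the matched words, even indexes the rest.
    $parts = preg_split($pattern, $postText, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // PCRE error (for example invalid UTF-8): fall back to no highlight.
        return htmlspecialchars($postText, ENT_QUOTES, 'UTF-8');
    }

    $out = '';
    foreach ($parts as $i => $part) {
        $safe = htmlspecialchars($part, ENT_QUOTES, 'UTF-8');
        $out .= ($i % 2 === 1) ? '<b class="hl">' . $safe . '</b>' : $safe;
    }
    return $out;
}

// Constructed sample input: metacharacters and markup in the parameter are
// treated as plain text to search for, and are HTML-escaped on output.
echo highlight_terms('Upgrade phpBB to 2.0.16 (see notes) <soon>.', 'phpbb 2.0.16 (see <soon>'), "\n";
```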










