Pages: [1] 
|
 |
|
 Author
|
Topic: phpBB Personal Notes Mod Remote SQL Injection Vulnerability (Read 888 times)
|
|
AlphaWolf
|
FrSIRT Advisory : FrSIRT/ADV-2005-0416 CVE Reference : GENERIC-MAP-NOMATCH Rated as : Moderate Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-04-28 * Technical Description * A new vulnerability was identified in phpBB Personal Notes Module, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "posting_notes.php" file when handling a specially crafted "p" parameter, which may be exploited by remote users to conduct SQL injection attacks. * Affected Products * phpBB Personal Notes Module version 1.4.6 and prior * Solution * The FrSIRT is not aware of any official supplied patch for this issue. * References * http://www.frsirt.com/english/advisories/2005/0416http://www.gulftech.org/?node=research&article_id=00070-04272005 |
|
|
|
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
