phpBB 2.0.x Remote Unspecified "bbcode.php" Vulnerability

AlphaOne Technology Support Forums

Welcome, Guest. Please login or register.
December 02, 2008, 12:25:25 PM

1733 Posts in 827 Topics by 4756 Members
Latest Member: Uobeley

Home

Help

Login

Register

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | PhpBB Alerts | Topic: phpBB 2.0.x Remote Unspecified "bbcode.php" Vulnerability

0 Members and 1 Guest are viewing this topic.

« previous next »

Pages: [1]

Go Down

Print

Author

Topic: phpBB 2.0.x Remote Unspecified "bbcode.php" Vulnerability (Read 921 times)

AlphaWolf

AOT Administrator
Administrator
Hero Member

Offline

Offline

Posts: I am a geek!!

WWW

phpBB 2.0.x Remote Unspecified "bbcode.php" Vulnerability

« on: May 09, 2005, 05:31:42 PM »

FrSIRT Advisory : FrSIRT/ADV-2005-0498
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-05-09

* Technical Description *

phpBB Group has released a security patch to correct a vulnerability identified in phpBB. The flaw is due to an unspecified error in the "bbcode.php" script, which may be exploited by attackers to bypass certain security restrictions and potentially execute arbitrary commands on a vulnerable system.

* Affected Products *

phpBB Group phpBB version 2.0.14 and prior

* Solution *

Upgrade to phpBB version 2.0.15 :
http://www.phpbb.com/downloads.php

* References *

http://www.frsirt.com/english/advisories/2005/0498
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194


	Logged

AlphaOne Tech Webmaster Resources
http://www.alphaone-tech.com/resources/

Pages: [1]

Go Up

Print

AlphaOne Technology Support Forums | IMPORTANT ANNOUNCEMENTS | Security Announcements | PhpBB Alerts | Topic: phpBB 2.0.x Remote Unspecified "bbcode.php" Vulnerability

« previous next »

Jump to:

AlphaOne Technology Support Forums | Powered by SMF 1.0.7.
© 2001-2005, Lewis Media. All Rights Reserved.