Pages: [1] 
|
 |
|
 Author
|
Topic: PHPBB - MUST Upgrade to 2.0.13 ASAP! (Read 1146 times)
|
|
AlphaWolf
|
K-OTik Security Advisory : KOTIK/ADV-2005-0212 CVE Reference : GENERIC-MAP-NOMATCH Rated as : High Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2005-02-28 * Technical Description * Two vulnerabilities were reported in phpBB, which may be exploited by attackers to determine the installation path or bypass certain security features. The first problem resides in the "autologinid" (includes/sessions.php) variable and could be exploited by malicious users to gain administrator rights. The second flaw resides in the "viewtopic.php" script, and could be exploited to disclose the webroot path. * Affected Products * phpBB version 2.0.12 and prior * Solution * phpBB version 2.0.13 : http://www.phpbb.com/downloads.php * References * http://www.k-otik.com/english/advisories/2005/0212http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563 |
|
|
|
« Last Edit: February 28, 2005, 12:12:01 PM by AlphaWolf »
|
Logged
|
|
|
|
|
Pages: [1] 
|
|
|
 |
AlphaOne Technology Support Forums
