Vulnerability Scanning Solutions, LLC.
Our Process
What We Scan For
Sample Report
Client List
Contact Us
What We Scan For
Family: CGI abuses --> Category: infos

Multiple vulnerabilities in phpBB 2.0.14 and older Vulnerability Scan

Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpBB 2.0.14 and older

Detailed Explanation for this Vulnerability Test

Synopsis :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

According to its banner, the remote host is running a version of phpBB
that suffers from multiple flaws:

- A BBCode Input Validation Vulnerability
The application fails to properly filter for the BBCode
URL in the 'includes/bbcode.php' script. With a specially-
crafted URL, a possible hacker cause arbitrary script code to be
executed in a user's browser, possibly even to modify
registry entries without the user's knowledge.

- Cross-Site Scripting Vulnerabilities
The application does not properly sanitize user-supplied input
to the 'forumname' and 'forumdesc' parameters of the
'admin/admin_forums.php' script. By enticing an phpBB
administrator to visit a a specially-crafted link, a possible hacker
can potentially steal the admin's session cookie or perform
other attacks.

- Improper Filtering of HTML Code
The application does not completely filter user-supplied input
to the 'u' parameter of the 'profile.php' script or the
'highlight' parameter of the 'viewtopic.php' script.

See also :

Solution :

Upgrade to phpBB version 2.0.15 or later.

Threat Level:

Low / CVSS Base Score : 3

Click HERE for more information and discussions on this network vulnerability scan.


P.O. Box 827051

Pembroke Pines, FL 33082-7051

Vulnerability Scanning Solutions, LLC.