Family: CGI abuses --> Category: mixed
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpBB Photo Album Module <= 2.0.53
Detailed Explanation for this Vulnerability Test
The remote web server contains a PHP application that is affected by
The installed version of phpBB on the remote host includes a photo
album module that is prone to multiple vulnerabilities:
- A SQL Injection Vulnerability
A possible hacker can pass arbitrary SQL code through the 'mode'
parameter of the 'album_search.php' script to manipulate
- Various Cross-Site Scripting Vulnerabilities
The application fails to properly sanitize user-input
through the 'sid' parameter of the 'album_cat.php' and
'album_comment.php' scripts. A possible hacker can exploit
these flaws to cause arbitrary HTML and script code to
be run in a user's browser within the context of the
affected web site.
See also :
Unknown at this time.
Medium / CVSS Base Score : 5
Click HERE for more information and discussions on this network vulnerability scan.