|
Family: CGI abuses --> Category: attack
phpBB < 2.0.22 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary Tries to pass a 'bad' redirect in via phpBB
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The version of phpBB installed on the remote host fails to properly
block 'bad' redirection targets. In addition, it reportedly contains
a non-persistent cross-site scripting flaw involving its private
messaging functionality and several other issues. At a minimum, a
remote attacker can leverage these flaws to launch cross-site
scripting attacks against the affected application.
See also :
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624
Solution :
Upgrade to phpBB 2.0.22 or later.
Threat Level:
High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|