|
|
Family: CGI abuses --> Category: infos
phpBB <= 2.0.17 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpBB <= 2.0.17
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The remote host is running a version of phpBB that, if using PHP 5
with 'register_globals' enabled, fails to properly deregister global
variables as well as to initialize several variables in various
scripts. A possible hacker may be able to exploit these issues to execute
arbitrary code or to conduct SQL injection and cross-site scripting
attacks.
See also :
http://www.hardened-php.net/advisory_172005.75.html
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756
Solution :
Upgrade to phpBB version 2.0.18 or later.
Threat Level:
High / CVSS Base Score : 7.0
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
