|
|
Family: CGI abuses --> Category: mixed
phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities Vulnerability Scan
Vulnerability Scan Summary
Checks for multiple vulnerabilities in phpBB Photo Album Module <= 2.0.53
Detailed Explanation for this Vulnerability Test
Synopsis :
The remote web server contains a PHP application that is affected by
multiple vulnerabilities.
Description :
The installed version of phpBB on the remote host includes a photo
album module that is prone to multiple vulnerabilities:
- A SQL Injection Vulnerability
A possible hacker can pass arbitrary SQL code through the 'mode'
parameter of the 'album_search.php' script to manipulate
database queries.
- Various Cross-Site Scripting Vulnerabilities
The application fails to properly sanitize user-input
through the 'sid' parameter of the 'album_cat.php' and
'album_comment.php' scripts. A possible hacker can exploit
these flaws to cause arbitrary HTML and script code to
be run in a user's browser within the context of the
affected web site.
See also :
http://archives.neohapsis.com/archives/bugtraq/2005-04/0190.html
Solution :
Unknown at this time.
Threat Level:
Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)
Click HERE for more information and discussions on this network vulnerability scan.
|
