Vulnerability Note VU#497400
phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameter
Overview
phpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.
Description
phpBB is an open-source bulletin board. A lack of input validation on the highlight parameter supplied to viewtopic.php may allow a remote attacker to execute arbitrary commands on a vulnerable server. The problem occurs because phpBB does not scan incoming URLs for malicious content when they are decoded. We have seen reports of exploitation related to this vulnerability. |
Impact
A remote attacker may be able to deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board. |
Solution
Update |
Systems Affected (Learn More)
| Vendor | Status | Date Notified | Date Updated |
|---|---|---|---|
| phpBB | Affected | - | 21 Dec 2004 |
CVSS Metrics (Learn More)
| Group | Score | Vector |
|---|---|---|
| Base | N/A | N/A |
| Temporal | N/A | N/A |
| Environmental | N/A | N/A |
References
- http://secunia.com/advisories/13239/
- http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636
- http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513
Credit
This vulnerability was reported by the phpBB Development Team.
This document was written by Jeff Gennari.
Other Information
- CVE IDs: Unknown
- Date Public: 19 Nov 2004
- Date First Published: 21 Dec 2004
- Date Last Updated: 29 Jun 2005
- Severity Metric: 37.97
- Document Revision: 33
Feedback
If you have feedback, comments, or additional information about this vulnerability, please send us email.
View Notes By
Report a Vulnerability
Please use the Vulnerability Reporting Form to report a vulnerability. Alternatively, you can send us email. Be sure to read our vulnerability disclosure policy.