|
|
|
![]() |
Vulnerability Note VU#497400phpBB viewtopic.php fails to properly sanitize input passed to the "highlight" parameterOverviewphpBB contains an user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.I. DescriptionphpBB is an open-source bulletin board. A lack of input validation on the highlight parameter supplied to viewtopic.php may allow a remote attacker to execute arbitrary commands on a vulnerable server. The problem occurs because phpBB does not scan incoming URLs for malicious content when they are decoded.We have seen reports of exploitation related to this vulnerability.
Note that phpBB version 2.0.11 did not adequately correct this vulnerability. The phpBB Development Team has released phpBB version 2.0.16 to fully correct this issue.
References
This vulnerability was reported by the phpBB Development Team. This document was written by Jeff Gennari.
If you have feedback, comments, or additional information about this vulnerability, please send us
email. |
|||||||||||||||||||||||||||||||||||||
|
|||||||||||||||||||||||||||||||||||||||