Vulnerability Assessment & Network Security Forums

If through a vulnerability assessment, a network security issue is detected for the vulnerability below, applying the appropriate security patches in a timely matter is very important.  If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.

Home >> Browse Vulnerability Assessment Database >> CGI abuses >> phpBB < 2.0.22 Multiple Vulnerabilities

Vulnerability Assessment Details

phpBB < 2.0.22 Multiple Vulnerabilities
Vulnerability Assessment Summary
Tries to pass a 'bad' redirect in via phpBB

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The version of phpBB installed on the remote host fails to properly
block 'bad' redirection targets. In addition, it reportedly contains
a non-persistent cross-site scripting flaw involving its private
messaging functionality and several other issues. At a minimum, a
remote attacker can leverage these flaws to launch cross-site
scripting attacks against the affected application.

See also :

http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=489624

Solution :

Upgrade to phpBB 2.0.22 or later.

Network Security Threat Level:

High / CVSS Base Score : 7
(AV:R/AC:L/Au:NR/C:P/I:P/A:P/B:N)

Networks Security ID: 20347, 21806

Vulnerability Assessment Copyright: This script is Copyright (C) 2007 Tenable Network Security
Cables, Connectors


Extron RGB-160XI Analog Computer Video 60-378-01 picture

Extron RGB-160XI Analog Computer Video 60-378-01

$187.06


The analog thing modern open source, educational, low-cost analog computer picture

The analog thing modern open source, educational, low-cost analog computer

$800.00


NEW Aquarius+ Computer Signature Edition - 8Bit Retro System picture

NEW Aquarius+ Computer Signature Edition - 8Bit Retro System

$229.00


Apple Macintosh SE/30 M5119 Computer 8MB RAM Recapped Working *See Description* picture

Apple Macintosh SE/30 M5119 Computer 8MB RAM Recapped Working *See Description*

$500.00


Landen Computer. Circa 1898. the Rapid Computer Company. With Original Case. picture

Landen Computer. Circa 1898. the Rapid Computer Company. With Original Case.

$425.00


Soviet Union motherboard analog computer ZX Spectrum USSR picture

Soviet Union motherboard analog computer ZX Spectrum USSR

$97.00


IBM Modem Saver Phone Line Tester picture

IBM Modem Saver Phone Line Tester

$7.99


NEW Aquarius+ Mini 8Bit Retro Computer System - Assembled PCB ONLY picture

NEW Aquarius+ Mini 8Bit Retro Computer System - Assembled PCB ONLY

$99.00


Apple Macintosh Color Classic Analog CRT Power Board - RECAPPED AND TESTED picture

Apple Macintosh Color Classic Analog CRT Power Board - RECAPPED AND TESTED

$249.99


ACASIS PCIE Capture Card HDMI 1.4 1080P60HZ PCIE 2.0 X4 20Gbps for Video Capture picture

ACASIS PCIE Capture Card HDMI 1.4 1080P60HZ PCIE 2.0 X4 20Gbps for Video Capture

$248.99


Discussions

No Discussions have been posted on this vulnerability.