Vulnerability Assessment & Network Security Forums



If a vulnerability assessment detects the network security issue described below, applying the appropriate security patches in a timely manner is very important. If you have detected that your system has already been compromised, following CERT's Network Security recovery document will assist with recommended steps for system recovery.




Vulnerability Assessment Details

phpBB Photo Album Module <= 2.0.53 Multiple Vulnerabilities

Vulnerability Assessment Summary
Checks for multiple vulnerabilities in phpBB Photo Album Module <= 2.0.53

Detailed Explanation for this Vulnerability Assessment

Summary :

The remote web server contains a PHP application that is affected by
multiple vulnerabilities.

Description :

The installed version of phpBB on the remote host includes a photo
album module that is prone to multiple vulnerabilities:

- A SQL Injection Vulnerability
An attacker can pass arbitrary SQL code through the 'mode'
parameter of the 'album_search.php' script to manipulate
database queries.

- Various Cross-Site Scripting Vulnerabilities
The application fails to properly sanitize user input
passed through the 'sid' parameter of the 'album_cat.php' and
'album_comment.php' scripts. An attacker can exploit
these flaws to cause arbitrary HTML and script code to
be run in a user's browser within the context of the
affected web site.

See also :

http://archives.neohapsis.com/archives/bugtraq/2005-04/0190.html

Solution :

Unknown at this time.

Network Security Threat Level:

Medium / CVSS Base Score : 5
(AV:R/AC:L/Au:NR/C:P/A:N/I:P/B:N)

Networks Security ID: 13157, 13158

Vulnerability Assessment Copyright: This script is Copyright (C) 2005-2006 Tenable Network Security
