FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2004-1315

This CVE name corresponds to:

Entered: 2004-12-22
Topic: phpbb -- arbitrary command execution and other vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2004-1315
Phase: Assigned (20041222)

Description

viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the highlight parameter when extracting words and phrases to highlight, which allows remote attackers to execute arbitrary PHP code by double-encoding the highlight value so that special characters are inserted into the result, which is then processed by PHP exec, as exploited by the Santy.A worm.

References

BUGTRAQ: 20041112 phpBB Code EXEC (v2.0.10)
BUGTRAQ: 20041118 EXEC exploit in phpBB - fix
BUGTRAQ: 20041220 phpBB Worm
BUGTRAQ: 20041222 Re: phpBB Worm
CONFIRM: http://www.phpbb.com/phpBB/viewtopic.php?t=240513
GENTOO: GLSA-200411-32
CERT: TA04-356A
CERT-VN: VU#497400
BID: 10701
SECUNIA: 13239
XF: phpbb-view-sql-injection(18052)