FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- arbitrary command execution and other vulnerabilities

Affected packages
phpbb < 2.0.11

Details

VuXML ID e3cf89f0-53da-11d9-92b7-ceadd4ac2edd
Discovery 2004-11-18
Entry 2004-12-22
Modified 2005-01-24

The ChangeLog for phpBB 2.0.11 states:

Changes since 2.0.10

Additionally, a US-CERT Technical Cyber Security Alert reports:

phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.

References

CERT/CC Vulnerability Note 497400
CVE Name CVE-2004-1315
FreeBSD PR ports/74106
Message 20041113030542.11396.qmail@www.securityfocus.com
Message 20041118123055.28647.qmail@mail.securityfocus.com
URL http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636
URL http://www.phpbb.com/support/documents.php?mode=changelog
US-CERT Technical Cyber Security Alert TA04-356A