CVE-2005-1113

Name of the Vulnerable Software and Affected Versions PhpBB Plus versions 1.52 and earlier

Description The issue allows remote attackers to inject arbitrary web script or HTML via specific parameters to various PHP files. This can be achieved by manipulating the bsid parameter to files such as "groupcp.php", "index.php", "portal.php", "viewforum.php", or "viewtopic.php", the c parameter to "index.php", or the article parameter to "portal.php".

Recommendations For PhpBB Plus versions 1.52 and earlier, as a temporary workaround, consider restricting access to the vulnerable parameters bsid, c, and article in the affected API endpoints until a patch is available. Avoid using these parameters in the respective PHP files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.