PT-2006-5172 · Phpbb · Phpbb+1
Spiderz
·
Publicado
2006-08-26
·
Atualizado
2017-10-19
·
CVE-2006-4367
CVSS v2.0
7.5
Alta
| Vetor | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
phpBB versions 2.0.21 and earlier, with All Topics Hack 1.5.0 and earlier
Description
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
start parameter in the alltopics.php file.Recommendations
For phpBB versions 2.0.21 and earlier, with All Topics Hack 1.5.0 and earlier, consider restricting access to the alltopics.php file until a fix is available. Avoid using the
start parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
All Topics Hack
Phpbb