PT-2003-2189 · Phpbb · Phpbb

Published: 2003-12-31 · Updated: 2008-09-05 · CVE-2003-1244

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Name of the Vulnerable Software and Affected Versions: phpBB versions 2.0 through 2.0.2

Description: The issue allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum id parameter to "index.php".

Recommendations: For versions 2.0 through 2.0.2, as a temporary workaround, consider restricting access to the index.php endpoint until a patch is available. Avoid using the forum id parameter in the affected endpoint until the issue is resolved.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2003-1244

Affected Products

Phpbb