PT-2006-5172 · Phpbb · Phpbb+1

Spiderz

Published

2006-08-26

Updated

2017-10-19

CVE-2006-4367

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpBB versions 2.0.21 and earlier, with All Topics Hack 1.5.0 and earlier

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the start parameter in the alltopics.php file.

Recommendations For phpBB versions 2.0.21 and earlier, with All Topics Hack 1.5.0 and earlier, consider restricting access to the alltopics.php file until a fix is available. Avoid using the start parameter in the affected API endpoint until the issue is resolved.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-4367

Affected Products

All Topics Hack

Phpbb

PT-2006-5172 · Phpbb · Phpbb+1

CVE-2006-4367

Related Identifiers

Affected Products

References · 4