PT-2007-5811 · Phpbb · Links Mod+1
Don
·
Published
2007-09-04
·
Updated
2017-09-29
·
CVE-2007-4653
CVSS v2.0
7.5
High
| Vector | AV:N/AC:L/Au:N/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions:
phpBB versions 2.0.22 and earlier
Links MOD version 1.2.2 and earlier
Description:
The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the
start parameter in a "search" action, specifically targeting the links.php file in the Links MOD for phpBB.Recommendations:
For phpBB versions 2.0.22 and earlier, update to a version later than 2.0.22.
For Links MOD version 1.2.2 and earlier, update to a version later than 1.2.2.
As a temporary workaround, consider restricting access to the links.php file in the Links MOD to minimize the risk of exploitation.
Avoid using the
start parameter in the affected search action until the issue is resolved.Exploit
Fix
RCE
SQL injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Links Mod
Phpbb