PT-2007-7112 · Phpbb · Phpbb Garage

Maku234

Published

2007-12-04

Updated

2017-09-29

CVE-2007-6223

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions phpBB Garage version 1.2.0 Beta3

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the make id parameter in a search action in browse mode, specifically targeting the garage.php file.

Recommendations For phpBB Garage version 1.2.0 Beta3, avoid using the make id parameter in the search action in browse mode until a fix is available. As a temporary workaround, consider restricting access to the garage.php file to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2007-6223

Affected Products

Phpbb Garage

PT-2007-7112 · Phpbb · Phpbb Garage

CVE-2007-6223

Weakness Enumeration

Related Identifiers

Affected Products

References · 4