PT-2009-5383 · Phpbb · Phpbb

Primehalo

Published

2009-09-03

Updated

2017-09-19

CVE-2009-3052

CVSS v2.0

6.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: phpBB 3 Prime Quick Style addon versions prior to 1.2.3

Description: The issue allows remote authenticated users to execute arbitrary SQL commands. This is achieved by exploiting the prime quick style parameter to the "/ucp.php" API endpoint.

Recommendations: For versions prior to 1.2.3, update to version 1.2.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the /ucp.php endpoint or disabling the prime quick style parameter until a patch is available.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-3052

Affected Products

Phpbb

PT-2009-5383 · Phpbb · Phpbb

CVE-2009-3052

Weakness Enumeration

Related Identifiers

Affected Products

References · 7