phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)

Severity: High | Nessus Plugin ID 16200

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote host is running a version of phpBB older than 2.0.11. This version of phpBB is reported to contain a script injection vulnerability in viewtopic.php that may allow a remote attacker to execute arbitrary code on the remote host. In addition, phpBB has been reported to be affected by multiple SQL injection vulnerabilities, although Nessus has not checked for them.

ESMARKCONANT is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.

Solution

Upgrade to phpBB 2.0.11 or later.
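The check this plugin describes is a remote version test against the 2.0.11 threshold. The following is an added Python example, not the NASL plugin's own code: it extracts the dotted version from a phpBB 2.x "Powered by" footer and compares it numerically against 2.0.11. The footer strings are constructed samples, and the regex, function names and the "unknown"/"vulnerable"/"patched" labels are this example's own assumptions.

```python
import re
from typing import Optional, Tuple

# First fixed release per the advisory: anything below this is affected.
FIXED_VERSION = (2, 0, 11)

# Constructed sample footers in the shape phpBB 2.x renders them.
# These are not captured from a real host.
SAMPLE_FOOTERS = {
    "vuln_old": (
        'Powered by <a href="http://www.phpbb.com/" target="_phpbb" '
        'class="copyright">phpBB</a> 2.0.10 &copy; 2001, 2002 phpBB Group'
    ),
    "vuln_single_digit": "Powered by phpBB 2.0.9 &copy; 2001 phpBB Group",
    "fixed": "Powered by phpBB 2.0.11 &copy; 2001, 2002 phpBB Group",
    "later": "Powered by phpBB 2.0.23 &copy; 2001, 2002 phpBB Group",
    "no_version": "Powered by phpBB &copy; 2001, 2002 phpBB Group",
}

# "phpBB" optionally followed by a closing anchor, then a three-part version.
# Requiring whitespace before the digits keeps "phpbb.com" from matching.
_VERSION_RE = re.compile(r"phpBB(?:</a>)?\s+(\d+)\.(\d+)\.(\d+)", re.IGNORECASE)


def extract_version(html: str) -> Optional[Tuple[int, ...]]:
    """Return the phpBB version from a footer as a tuple of ints, or None.

    None lets the caller separate "could not determine" from "patched";
    silently defaulting to 0.0.0 would turn a stripped footer into a
    false positive.
    """
    m = _VERSION_RE.search(html)
    if not m:
        return None
    return tuple(int(part) for part in m.groups())


def is_vulnerable(version: Tuple[int, ...]) -> bool:
    """True when the version predates FIXED_VERSION.

    Tuple comparison is element-wise and numeric, so (2, 0, 9) < (2, 0, 11)
    holds. A plain string compare would not: "2.0.9" > "2.0.11" because
    '9' > '1' lexicographically, which would mark 2.0.9 as patched.
    """
    return version < FIXED_VERSION


def assess(html: str) -> str:
    """Classify a footer as 'vulnerable', 'patched' or 'unknown'."""
    version = extract_version(html)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "patched"


if __name__ == "__main__":
    for name, footer in SAMPLE_FOOTERS.items():
        print(f"{name:18s} {extract_version(footer)} -> {assess(footer)}")
```

A banner-based check is only as reliable as the banner: an administrator who removes the footer leaves the host classified as "unknown" rather than as either safe or affected, so a result of "patched" from this kind of test is evidence about the version string, not proof that viewtopic.php has been fixed.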

Plugin Details

Severity: High

ID: 16200

File Name: phpbb_viewtopic_script_injection.nasl

Version: 1.23

Type: remote

Family: CGI abuses

Published: 1/18/2005

Updated: 6/4/2024

Configuration: Enable thorough checks

Supported Sensors: Nessus

Enable CGI Scanning: true

Risk Information

VPR

Risk Factor: Medium

Score: 4.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: High

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpbb_group:phpbb

Required KB Items: www/phpBB

Excluded KB Items: Settings/disable_cgi_scanning

Exploit Ease: No exploit is required

Vulnerability Publication Date: 11/12/2004

Exploitable With

Metasploit (phpBB viewtopic.php Arbitrary Code Execution)

Reference Information

CVE: CVE-2004-1315

BID: 10701

CERT: 497400