phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities

Medium | Nessus Network Monitor Plugin ID 2674

Synopsis

The remote host is running phpBB, a web-based forum application written in PHP.

Description

The remote host is running phpBB, a web-based forum application written in PHP. This version of phpBB contains a flaw in the way it handles autologin failure that allows a remote attacker to gain elevated privileges. Specifically, when an autologin attempt fails, the 'user_id' value is reset but the 'user_level' value is left unchanged. A successful attack would give the attacker access to potentially confidential data that may aid in gaining elevated privileges. A second flaw lies in the 'file_id' parameter of the 'dlman.php' script: because the parameter is not properly sanitised before being used in a query, it is subject to SQL injection. An attacker exploiting this flaw needs to be able to send HTTP requests to the server. A successful attack would lead to reading of data, writing of data, and potentially arbitrary code execution.
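As an added illustration, not phpBB's own code, the hypothetical PHP below shows the session-reset mistake the description names (only 'user_id' cleared on autologin failure) beside a version that replaces the whole identity with the anonymous record, and a parameterised lookup for an integer 'file_id' parameter. The field names come from the description; the function names, the anonymous-user record, the sample session values and the 'files' table are assumptions.

```php
<?php
// Added example, not phpBB code. Field names follow the plugin description;
// everything else (functions, table, sample values) is hypothetical.

const ANONYMOUS_USER = ['user_id' => -1, 'user_level' => 0, 'username' => 'Anonymous'];

// Flawed pattern: only user_id is reset when the autologin cookie fails
// validation, so a privilege field loaded earlier survives into the new session.
function restore_session_flawed(array $session, bool $autologin_ok): array {
    if (!$autologin_ok) {
        $session['user_id'] = ANONYMOUS_USER['user_id'];   // user_level left as is
    }
    return $session;
}

// Hardened pattern: failure replaces every identity field with the anonymous
// record, so nothing from the rejected login can leak into the session.
function restore_session_fixed(array $session, bool $autologin_ok): array {
    if (!$autologin_ok) {
        foreach (ANONYMOUS_USER as $field => $value) {
            $session[$field] = $value;
        }
    }
    return $session;
}

// Constructed session that was loaded for a privileged account before the
// autologin check ran (user_level value is illustrative only).
$loaded = ['user_id' => 2, 'user_level' => 1, 'username' => 'admin'];
var_dump(restore_session_flawed($loaded, false)['user_level']); // int(1): still privileged
var_dump(restore_session_fixed($loaded, false)['user_level']);  // int(0): anonymous

// For an integer parameter such as file_id: cast, then bind. Non-numeric input
// collapses to an integer and the value never becomes part of the SQL text.
function fetch_file(PDO $db, $raw_file_id): ?array {
    $file_id = (int) $raw_file_id;
    $stmt = $db->prepare('SELECT * FROM files WHERE file_id = :id');
    $stmt->bindValue(':id', $file_id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetch(PDO::FETCH_ASSOC) ?: null;
}
```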

Solution

Upgrade to version 2.0.14 or higher.

See Also

http://archives.neohapsis.com/archives/bugtraq/2005-03/0059.html

http://archives.neohapsis.com/archives/bugtraq/2005-03/0085.html

http://archives.neohapsis.com/archives/bugtraq/2005-04/0056.html

http://archives.neohapsis.com/archives/bugtraq/2005-04/0063.html

Plugin Details

Severity: Medium

ID: 2674

Family: CGI

Published: 3/7/2005

Updated: 3/6/2019

Nessus ID: 17301

Risk Information

VPR

Risk Factor: Medium

Score: 6.6

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 6.3

Temporal Score: 6.2

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:H/RL:W/RC:X

Vulnerability Information

CPE: cpe:/a:phpbb_group:phpbb

Reference Information

CVE: CVE-2005-0659, CVE-2005-0673, CVE-2005-1026

BID: 12736, 13028, 13030