Release DateJan 05, 2012 |
Severityhigh |
ImpactSystem Compromise: Remote attackers can gain control of vulnerable systems |
DescriptionThis indicates a possible attempt to exploit a Remote Code Execution Vulnerability in phpBB bulletin board package.phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. A vulnerability has been reported in phpBB that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the highlight parameter value that is passed to "viewtopic.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE. |
Affected ProductsphpBB 2.0.15 and prior versions. |
Recommended ActionsUpgrade to phpBB 2.0.16 or later versions from the following URL:http://www.phpbb.com/downloads.php |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2005-2086 |
Reference/shttp://www.securityfocus.com/bid/14086 (BugTraq) |
