Threat Encyclopedia

phpBB.Viewtopic.Highlight.Code.Execution

description-logoDescription

This indicates a possible attempt to exploit a Remote Code Execution Vulnerability in phpBB bulletin board package.
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. A vulnerability has been reported in phpBB that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the highlight parameter value that is passed to "viewtopic.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.

affected-products-logoAffected Products

phpBB 2.0.15 and prior versions.

Impact

System Compromise: Remote attackers can gain control of vulnerable systems

recomended-action-logoRecommended Actions

Upgrade to phpBB 2.0.16 or later versions from the following URL:

CVE References

CVE-2005-2086