Signature Detail
Short Name |
HTTP:PHP:PHPBB:HIGHLIGHT-EXEC2 |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
php phpbb |
Release Date |
2004/12/22 |
Update Number |
1213 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+ |
HTTP: phpBB Search Highlighting Arbitrary Command Execution (2)
This signature detects attempts to exploit a known vulnerability against phpBB. Attackers can send a malformed HTTP request to phpBB, to force phpBB to execute arbitrary PHP commands on the server with Web server permissions.
Extended Description
The 'viewtopic.php' phpBB script is prone to a remote PHP script injection vulnerability because the application fails to properly sanitize user-supplied URI parameters before using them to construct dynamically generated web pages. Exploiting this issue may allow a remote attacker to execute arbitrary commands in the context of the webserver that is hosting the vulnerable software.
Affected Products
- Gentoo Linux
- phpBB Group phpBB 1.0.0 .0
- phpBB Group phpBB 1.2.0 .0
- phpBB Group phpBB 1.2.1
- phpBB Group phpBB 1.4.0 .0
- phpBB Group phpBB 1.4.1
- phpBB Group phpBB 1.4.2
- phpBB Group phpBB 1.4.4
- phpBB Group phpBB 2.0.0 .0
- phpBB Group phpBB 2.0.0 Beta 1
- phpBB Group phpBB 2.0.0 RC1
- phpBB Group phpBB 2.0.0 RC2
- phpBB Group phpBB 2.0.0 RC3
- phpBB Group phpBB 2.0.0 RC4
- phpBB Group phpBB 2.0.1
- phpBB Group phpBB 2.0.2
- phpBB Group phpBB 2.0.3
- phpBB Group phpBB 2.0.4
- phpBB Group phpBB 2.0.5
- phpBB Group phpBB 2.0.6
- phpBB Group phpBB 2.0.6 c
- phpBB Group phpBB 2.0.6 d
- phpBB Group phpBB 2.0.7
- phpBB Group phpBB 2.0.7 a
- phpBB Group phpBB 2.0.8
- PHP-Nuke 7.0.0
- PHP-Nuke 7.1.0
- PHP-Nuke 7.2.0
- PHP-Nuke 7.3.0
- PHP-Nuke 7.4.0
- PHP-Nuke 7.5.0
- PHP-Nuke 7.6.0
- PHP-Nuke 7.7.0
- PHP-Nuke 7.8.0
- PHP-Nuke 7.9.0
- PNphpBB 1.2.0
- PNphpBB 1.2.0 f
- PNphpBB 1.2.0 g
References