Closed Thread
Results 1 to 1 of 1
Thread: phpbb exploit
LinkBack URL
About LinkBacks-
Administrator
- Join Date
- May 2004
- Posts
- 130
Dear Valued Customers,
You need to update phpBB a.s.a.p to phpBB 2.0.13..
* Technical Description *
Two vulnerabilities were reported in phpBB, which may be exploited by attackers to determine the installation path or bypass certain security features. The first problem resides in the "autologinid" (includes/sessions.php) variable and could be exploited by malicious users to gain administrator rights. The second flaw resides in the "viewtopic.php" script, and could be exploited to disclose the webroot path.
* Affected Products *
phpBB version 2.0.12 and prior
* Solution *
phpBB version 2.0.13 :
http://www.phpbb.com/downloads.php
* References *
http://www.k-otik.com/english/advisories/2005/0212
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563
* ChangeLog *
2005-02-28 : Original Advisory
Similar Threads
-
phpBB Upgrade
By Alan in forum Important AnnouncementsReplies: 0Last Post: 06-28-2005, 06:28 AM -
phpBB update
By Alan in forum Important AnnouncementsReplies: 0Last Post: 05-11-2005, 10:30 AM -
phpBB 2.0.13 released
By Alan in forum Important AnnouncementsReplies: 0Last Post: 02-28-2005, 06:44 AM -
phpBB 2.0.12 released
By Alan in forum Important AnnouncementsReplies: 0Last Post: 02-23-2005, 05:23 AM -
Santy.A - phpBB <= 2.0.10 Web Worm Source Code
By Alan in forum Important AnnouncementsReplies: 0Last Post: 12-28-2004, 08:00 AM
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts