SQL Injection In PhpBB (3) Network Vulnerability

Summary

The remote host is running a version of phpBB older than 2.0.9. There is a flaw in the remote software which may allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. One vulnerability is reported to exist in 'admin_board.php'. The other pertains to improper characters in the session id variable.

Solution

Upgrade to the latest version of this software

Severity

Classification

CVSS	Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P

Related Vulnerabilities

Adobe ColdFusion Directory Traversal Vulnerability
Apache Struts2 Redirection and Security Bypass Vulnerabilities
Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
ASUS RT56U Router Multiple Vulnerabilities
Apache Struts2 'URL' & 'Anchor' tags Arbitrary Java Method Execution Vulnerabilities

SQL injection in phpBB (3)

Take action and discover your vulnerabilities