phpBB viewtopic.php highlight parameter vulnerability

Added: 12/28/2005
CVE: CVE-2005-2086
BID: 14086
OSVDB: 17613

Background

phpBB is an open-source bulletin board package written in PHP.

Problem

This is a variant of an older vulnerability which allows remote command execution by requesting viewtopic.php with a specially crafted highlight parameter.

Resolution

Upgrade to the latest version of phpBB.

References

http://archives.neohapsis.com/archives/bugtraq/2005-06/0256.html

Back to exploit index