phpbb -- Insuffient check against HTML code in usercp_register.php

ID 4A0B334D-8D8D-11D9-AFA0-003048705D5A
Type freebsd
Reporter FreeBSD
Modified 2005-03-07T00:00:00


Neo Security Team reports:

If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature.

This is a low risk vulnerability that allows users to bypass forum-wide configuration.