phpbb -- Insuffient check against HTML code in usercp_register.php

2005-02-28T00:00:00
ID 4A0B334D-8D8D-11D9-AFA0-003048705D5A
Type freebsd
Reporter FreeBSD
Modified 2005-03-07T00:00:00

Description

Neo Security Team reports:

If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature.

This is a low risk vulnerability that allows users to bypass forum-wide configuration.