phpbb -- remote PHP code execution vulnerability

2005-06-28T00:00:00
ID 4AFACCA1-EB9D-11D9-A8BD-000CF18BBE54
Type freebsd
Reporter FreeBSD
Modified 2005-07-07T00:00:00

Description

FrSIRT Advisory reports:

A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the "preg_replace()" function, which may be exploited by remote attackers to execute arbitrary PHP commands with the privileges of the web server.
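
A log-review check built on the two details the advisory names, the `viewtopic.php` script and the `highlight` parameter: it flags requests whose `highlight` value, once nested percent-encoding is unwound, contains anything other than plain search words. This is an added example, not code from the advisory, phpBB or FreeBSD; the access-log format, the sample lines and the allowed-character policy are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed sample access-log lines (documentation IPs, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Jun/2005:10:00:01 +0000] "GET /forum/viewtopic.php?t=42&highlight=firewall+rules HTTP/1.1" 200 5120',
    '192.0.2.11 - - [28/Jun/2005:10:00:02 +0000] "GET /forum/viewtopic.php?t=42&highlight=a%2527b HTTP/1.1" 200 5120',
    '192.0.2.12 - - [28/Jun/2005:10:00:03 +0000] "GET /forum/index.php?highlight=a%27b HTTP/1.1" 200 900',
    '192.0.2.13 - - [28/Jun/2005:10:00:04 +0000] "GET /forum/viewtopic.php?t=7&highlight=a%27b HTTP/1.1" 200 5120',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumed policy: a legitimate highlight value is only search words
# (letters, digits, underscore, space, hyphen). Tune for your forum.
SAFE_VALUE_RE = re.compile(r"[\w \-]*")


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so nested encodings are canonicalized."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def suspicious_highlight(log_line):
    """Return the decoded highlight value if it breaks the policy, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    if not url.path.lower().endswith("/viewtopic.php"):
        return None  # only the script named in the advisory is in scope
    for key, value in parse_qsl(url.query, keep_blank_values=True):
        # parse_qsl has already decoded one layer; unwind any remaining ones.
        if key == "highlight":
            decoded = fully_decode(value)
            if not SAFE_VALUE_RE.fullmatch(decoded):
                return decoded
    return None


def scan(lines):
    """Return (client address, decoded highlight value) for each flagged line."""
    hits = []
    for line in lines:
        hit = suspicious_highlight(line)
        if hit is not None:
            hits.append((line.split()[0], hit))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: unexpected characters in highlight: {value!r}")
```

A hit means the request deserves a closer look, not that the server was compromised; correlate flagged clients with the phpBB version that was running at the time.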