CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 0.963 High
Percentile: 99.5%
The ChangeLog for phpBB 2.0.11 states:
Changes since 2.0.10
Fixed vulnerability in highlighting code (very high severity, please update your installation as soon as possible)
Fixed unsetting global vars - Matt Kavanagh
Fixed XSS vulnerability in username handling - AnthraX101
Fixed not confirmed sql injection in username handling - warmth
Added check for empty topic id in topic_review function
Added visual confirmation mod to code base
Additionally, a US-CERT Technical Cyber Security Alert reports:
phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.