Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200507-03
HistoryJul 04, 2005 - 12:00 a.m.

phpBB: Arbitrary command execution

2005-07-0400:00:00
Gentoo Foundation
security.gentoo.org
8

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.8%

JSON

Background

phpBB is an Open Source bulletin board package.

Description

Ron van Daal discovered that phpBB contains a vulnerability in the highlighting code.

Impact

Successful exploitation would grant an attacker unrestricted access to the PHP exec() or system() functions, allowing the execution of arbitrary commands with the rights of the web server.

Workaround

Please follow the instructions given in the phpBB announcement.

Resolution

The phpBB package is no longer supported by Gentoo Linux and has been masked in the Portage repository, no further announcements will be issued regarding phpBB updates. Users who wish to continue using phpBB are advised to monitor and refer to www.phpbb.com for more information.

To continue using the Gentoo-provided phpBB package, please refer to the Portage documentation on unmasking packages and upgrade to 2.0.16.

OSVersionArchitecturePackageVersionFilename
Gentooanyallwww-apps/phpbb< 2.0.16UNKNOWN

Related

nessus 3
openvas 3
cve 1
freebsd 1
ubuntucve 1
saint 4
canvas 1
dsquare 1
packetstorm 2
nessus
nessus
FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)
2005-07-13 00:00:00
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
2005-06-29 00:00:00
GLSA-200507-03 : phpBB: Arbitrary command execution
2005-07-05 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200507-03 (phpBB)
2008-09-24 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
cve
cve
CVE-2005-2086
2005-07-05 04:00:00
freebsd
freebsd
phpbb -- remote PHP code execution vulnerability
2005-06-28 00:00:00
ubuntucve
ubuntucve
CVE-2005-2086
2005-07-05 00:00:00
saint
saint
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
canvas
canvas
Immunity Canvas: PHPBB_HIGHLIGHT
2005-07-05 04:00:00
dsquare
dsquare
Phpbb RCE
2012-01-26 00:00:00
packetstorm
packetstorm
phpBB viewtopic.php Arbitrary Code Execution
2009-12-31 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-10-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.8%

JSON
Related for GLSA-200507-03
nessus3openvas3cve1freebsd1ubuntucve1saint4canvas1dsquare1packetstorm2