phpBB viewtopic.php highlight parameter vulnerability

2005-12-28T00:00:00
ID SAINT:2DD650797569B41E89BD6D85DC32071B
Type saint
Reporter SAINT Corporation
Modified 2005-12-28T00:00:00

Description

Added: 12/28/2005
CVE: CVE-2005-2086
BID: 14086
OSVDB: 17613

Background

phpBB is an open-source bulletin board package written in PHP.

Problem

This is a variant of an older vulnerability that allows remote command execution through a request to **viewtopic.php** with a specially crafted **highlight** parameter.

Resolution

Upgrade to the latest version of phpBB.

References

<http://archives.neohapsis.com/archives/bugtraq/2005-06/0256.html>