Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
saintSAINT CorporationSAINT:48B2DE64370DD3616AD545A020414F16
HistoryDec 28, 2005 - 12:00 a.m.

phpBB viewtopic.php highlight parameter vulnerability

2005-12-2800:00:00
SAINT Corporation
my.saintcorporation.com
26

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.7%

JSON

Added: 12/28/2005
CVE: CVE-2005-2086
BID: 14086
OSVDB: 17613

Background

phpBB is an open-source bulletin board package written in PHP.

Problem

This is a variant of an older vulnerability which allows remote command execution by requesting **viewtopic.php** with a specially crafted **highlight** parameter.

Resolution

Upgrade to the latest version of phpBB.

References

<http://archives.neohapsis.com/archives/bugtraq/2005-06/0256.html&gt;

Related

saint 3
nessus 3
canvas 1
openvas 3
ubuntucve 1
cve 1
freebsd 1
gentoo 1
dsquare 1
packetstorm 2
saint
saint
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
phpBB viewtopic.php highlight parameter vulnerability
2005-12-28 00:00:00
nessus
nessus
phpBB < 2.0.16 viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
2005-06-29 00:00:00
FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)
2005-07-13 00:00:00
GLSA-200507-03 : phpBB: Arbitrary command execution
2005-07-05 00:00:00
canvas
canvas
Immunity Canvas: PHPBB_HIGHLIGHT
2005-07-05 04:00:00
openvas
openvas
FreeBSD Ports: phpbb
2008-09-04 00:00:00
FreeBSD Ports: phpbb
2008-09-04 00:00:00
Gentoo Security Advisory GLSA 200507-03 (phpBB)
2008-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2005-2086
2005-07-05 00:00:00
cve
cve
CVE-2005-2086
2005-07-05 04:00:00
freebsd
freebsd
phpbb -- remote PHP code execution vulnerability
2005-06-28 00:00:00
gentoo
gentoo
phpBB: Arbitrary command execution
2005-07-04 00:00:00
dsquare
dsquare
Phpbb RCE
2012-01-26 00:00:00
packetstorm
packetstorm
phpBB viewtopic.php Arbitrary Code Execution
2009-12-31 00:00:00
phpBB viewtopic.php Arbitrary Code Execution
2009-10-30 00:00:00

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.152 Low

EPSS

Percentile

95.7%

JSON
Related for SAINT:48B2DE64370DD3616AD545A020414F16
saint3nessus3canvas1openvas3ubuntucve1cve1freebsd1gentoo1dsquare1packetstorm2