SECURITYVULNS:DOC:10548
Dec 06, 2005 - 12:00 a.m.

phpBB Blog 2.2.2 SQL inj. vuln.


Vuln. discovered by: r0t
Date: 5 Dec. 2005
Original advisory: http://pridels.blogspot.com/2005/12/phpbb-blog-222-sql-inj-vuln.html
Vendor: http://www.outshine.com/phpbbblog/
Affected version: 2.2.2 and prior

Product Description:
This is a blog system for phpBB. It features an RSS feed, trackbacks, permalinks, support for BBCode and smileys, monthly archives (MySQL only), preliminary support for PostgreSQL and MS SQL, 7 optional stylesheets, integration with the phpBB Podcast mod, and GEO meta tags. Version 2.2.1 added a nice calendar. Version 2.2.2 contains bugfixes.

Vuln. Description:
Input passed to the "permalink" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/?permalink=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.
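
One way to apply the solution above, shown as an added example (it is not phpBB Blog's code and not part of the original advisory). It assumes "permalink" is a numeric post id; the blog_posts table and the functions parse_permalink and fetch_post are hypothetical names, and the rows are constructed sample data.

```php
<?php
// Added example: not phpBB Blog's code. The table, the column names and the
// assumption that "permalink" is an integer post id are hypothetical.
declare(strict_types=1);

// Vulnerable pattern the advisory describes (for contrast, not executed):
//   $sql = "SELECT ... FROM blog_posts WHERE post_id = " . $_GET['permalink'];

function parse_permalink(mixed $raw): ?int
{
    // Accept only a plain decimal id; arrays, signs, spaces and quotes all fail.
    if (!is_string($raw) || !preg_match('/\A[0-9]{1,9}\z/', $raw)) {
        return null;
    }
    return (int) $raw;
}

function fetch_post(PDO $db, mixed $rawPermalink): ?array
{
    $id = parse_permalink($rawPermalink);
    if ($id === null) {
        return null; // caller should answer with 400/404, never run the query
    }
    // Bound parameter: the value is never concatenated into the SQL text.
    $stmt = $db->prepare('SELECT post_id, title FROM blog_posts WHERE post_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory data so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE blog_posts (post_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO blog_posts VALUES (1, 'First post'), (2, 'Second post')");

// Constructed inputs: valid ids, a missing id, and malformed values.
foreach (['1', '2', '3', '1 OR 1=1', "1'", ['1']] as $input) {
    $row = fetch_post($db, $input);
    printf("%-12s => %s\n", json_encode($input), $row ? $row['title'] : 'rejected or not found');
}
```

Validation and parameter binding are used together here: the allow-list check rejects malformed permalinks before any query runs, and the bound parameter keeps the value out of the SQL text even if the validation rule is later loosened.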