Ravens PHP Scripts

phpBB Arbitrary File Disclosure Vulnerability
Date: Wednesday, February 23, 2005 @ 15:37:02 CST
Topic: Security

Security Alert: phpBB Group phpBB Arbitrary File Disclosure Vulnerability! The remote exploitation of an input validation vulnerability in the phpBB Group's phpBB2 bulletin board system allows attackers to read the contents of arbitrary system files under the privileges of the web server.

Exploitation of this vulnerability allows remote attackers to view arbitrary system files under the privileges of the underlying web server. An attacker must have, or be able to create an account on the target system. Non-default settings must also be enabled for exploitation to be possible. Upon successful exploitation an attacker may be able to further compromise the system by gleaning system information that would otherwise be inaccessible to the attacker.

More information:
  • idefense
  • phpbb.com
  • mitre.org

    Chatserv believes that these issues have been fixed in 2.0.12. I am posting this for awareness, though, in the event you haven't fixed yours yet :)



    • This article comes from Ravens PHP Scripts
    https://www.ravenphpscripts.com

    The URL for this story is:
    https://www.ravenphpscripts.com/modules.php?name=News&file=article&sid=883