
phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities

Medium

Synopsis

The remote host is running phpBB, a web-based forum application written in PHP.

Description

The remote host is running phpBB, a web-based forum application written in PHP. This version of phpBB mishandles autologin failure in a way that allows a remote attacker to gain elevated privileges. Specifically, when an autologin fails, the 'user_id' value is reset, but the 'user_level' value remains the same. A successful attack would give the attacker access to potentially confidential data that may aid in gaining elevated privileges.

There is a second flaw in the handling of the 'file_id' parameter of the 'dlman.php' script. Specifically, the script fails to properly filter malicious characters, which leads to a SQL injection vulnerability. An attacker exploiting this flaw needs to be able to send HTTP requests to the server. A successful attack would lead to reading of data, writing of data, and potentially arbitrary code execution.
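The autologin flaw described above is an instance of a partial state reset on authentication failure. The following is an added example, not phpBB source code: a constructed model that contrasts a failure path resetting only 'user_id' with one that fails to a clean anonymous session. All function names, constants, the account table, and the way 'user_level' gets populated before the check are assumptions for illustration.

```php
<?php
// Constructed model of a partial session reset; not phpBB's own code.
// Constants, function names and the account data below are hypothetical.
const ANONYMOUS   = -1;
const LEVEL_USER  = 0;
const LEVEL_ADMIN = 1;

/** Constructed account table: user_id => autologin key and level. */
function accounts(): array {
    return [
        2 => ['key' => 'constructed-admin-key', 'level' => LEVEL_ADMIN],
        5 => ['key' => 'constructed-user-key',  'level' => LEVEL_USER],
    ];
}

/** Flawed pattern: session state is filled in first, and on failure
 *  only user_id is reset, so user_level keeps the looked-up value. */
function autologin_partial_reset(int $claimedId, string $cookieKey): array {
    $acct = accounts()[$claimedId] ?? null;
    $session = [
        'user_id'    => $claimedId,
        'user_level' => $acct['level'] ?? LEVEL_USER,
        'logged_in'  => false,
    ];
    if ($acct !== null && hash_equals($acct['key'], $cookieKey)) {
        $session['logged_in'] = true;
        return $session;
    }
    $session['user_id'] = ANONYMOUS;   // user_level is left untouched
    return $session;
}

/** Hardened pattern: privileged fields are set only after the check
 *  passes; every failure returns a freshly built anonymous session. */
function autologin_full_reset(int $claimedId, string $cookieKey): array {
    $acct = accounts()[$claimedId] ?? null;
    if ($acct === null || !hash_equals($acct['key'], $cookieKey)) {
        return ['user_id' => ANONYMOUS, 'user_level' => LEVEL_USER, 'logged_in' => false];
    }
    return ['user_id' => $claimedId, 'user_level' => $acct['level'], 'logged_in' => true];
}

// Same failed autologin (wrong key) through both paths, side by side.
foreach (['autologin_partial_reset', 'autologin_full_reset'] as $fn) {
    $s = $fn(2, 'wrong-key');
    printf("%-24s user_id=%d user_level=%d logged_in=%s\n",
        $fn, $s['user_id'], $s['user_level'], var_export($s['logged_in'], true));
}
```

When reviewing session code for this class of bug, check that every authorization-relevant field is derived after authentication succeeds, and that failure paths construct a new anonymous state instead of clearing individual fields.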

Solution

Upgrade to version 2.0.14 or higher.