Detections
Analytics
phpBB <= 2.0.11 Multiple Vulnerabilities
medium Nessus Plugin ID 17205
Language:
Synopsis
The remote web server contains a PHP application that is affected by multiple vulnerabilities.Description
The remote host is running phpBB version 2.0.11 or older. Such versions suffer from multiple vulnerabilities:- full path display on critical messages.
- full path disclosure in username handling caused by a PHP 4.3.10 bug.
- arbitrary file disclosure vulnerability in avatar handling functions.
- arbitrary file unlink vulnerability in avatar handling functions.
- path disclosure bug in search.php caused by a PHP 4.3.10 bug.
- path disclosure bug in viewtopic.php caused by a PHP 4.3.10 bug.
The path disclosure vulnerabilities can be exploited by remote attackers to reveal sensitive information about the installation that can be used in further attacks against the target.
To exploit the avatar handling vulnerabilities, 'Enable gallery avatars' must be enabled on the target (by default, it is disabled) and an attacker have a phpBB account on the target.
Solution
Upgrade to phpBB 2.0.12 or later.Plugin Details
Severity: Medium
ID: 17205
File Name: phpbb_2_0_11.nasl
Version: 1.20
Type: remote
Family: CGI abuses
Published: 2/23/2005
Updated: 4/11/2022
Configuration: Enable thorough checks
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.7
CVSS v2
Risk Factor: Medium
Base Score: 5
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
Vulnerability Information
CPE: cpe:/a:phpbb_group:phpbb
Required KB Items: www/phpBB
Excluded KB Items: Settings/disable_cgi_scanning
Exploit Ease: No exploit is required
Patch Publication Date: 2/21/2005
Vulnerability Publication Date: 2/21/2005
Reference Information
CVE: CVE-2005-0258, CVE-2005-0259