phpBB viewtopic.php highlight Parameter SQL Injection (ESMARKCONANT)
High Nessus Plugin ID 15780
SynopsisA remote web application is vulnerable to SQL injection.
DescriptionThe remote host is running phpBB. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands in the login form. An attacker could exploit this flaw to bypass the authentication of the remote host or execute arbitrary SQL statements against the remote database.
ESMARKCONANT is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
SolutionUpgrade to the latest version of this software.