phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)
High Nessus Plugin ID 16200
SynopsisArbitrary code may be run on the remote server.
DescriptionThe remote host is running a version of phpBB older than 2.0.11. It is reported that this version of phpBB is susceptible to a script injection vulnerability which may allow an attacker to execute arbitrary code on the remote host. In addition, phpBB has been reported to multiple SQL injections, although Nessus has not checked for them.
ESMARKCONANT is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.
SolutionUpgrade to phpBB 2.0.11 or later.