phpBB < 2.0.11 Multiple Vulnerabilities (ESMARKCONANT)

High Nessus Plugin ID 16200

Synopsis

Arbitrary code may be run on the remote server.

Description

The remote host is running a version of phpBB older than 2.0.11. This version is reported to be susceptible to a script injection vulnerability that may allow an attacker to execute arbitrary code on the remote host. In addition, phpBB has been reported to be affected by multiple SQL injection vulnerabilities, although Nessus has not checked for them.

ESMARKCONANT is one of multiple Equation Group vulnerabilities and exploits disclosed on 2017/04/14 by a group known as the Shadow Brokers.

Solution

Upgrade to phpBB 2.0.11 or later.

Plugin Details

Severity: High

ID: 16200

File Name: phpbb_viewtopic_script_injection.nasl

Version: 1.20

Type: remote

Family: CGI abuses

Published: 2005/01/18

Updated: 2018/07/24

Dependencies: 15779

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSS v3.0

Base Score: 7.3

Temporal Score: 6.7

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: cpe:/a:phpbb_group:phpbb

Required KB Items: www/phpBB

Exploit Available: false

Exploit Ease: No exploit is required

Vulnerability Publication Date: 2004/11/12

Exploitable With

Metasploit (phpBB viewtopic.php Arbitrary Code Execution)

Reference Information

CVE: CVE-2004-1315

BID: 10701

CERT: 497400

EDB-ID: 647