FreeBSD : phpbb -- remote PHP code execution vulnerability (4afacca1-eb9d-11d9-a8bd-000cf18bbe54)
High Nessus Plugin ID 18928
Synopsis
The remote FreeBSD host is missing a security-related update.
Description
FrSIRT Advisory reports:
A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the 'viewtopic.php' script that does not properly filter the 'highlight' parameter before calling the 'preg_replace()' function, which may be exploited by remote attackers to execute arbitrary PHP commands with the privileges of the web server.
Solution
Update the affected package.