FreeBSD : Critical SQL injection in phpBB (70f5b3c6-80f0-11d8-9645-0020ed76ef5a)

Severity: High | Nessus Plugin ID: 36773

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Anyone can obtain the admin's username and the MD5 hash of the admin's password via a single web request. A working example is provided in the advisory.

Solution

Update the affected package.

See Also

https://marc.info/?l=bugtraq&m=108032454818873

http://www.nessus.org/u?dc0c9e50

Plugin Details

Severity: High

ID: 36773

File Name: freebsd_pkg_70f5b3c680f011d896450020ed76ef5a.nasl

Version: 1.20

Type: local

Published: 4/23/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpbb, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 3/28/2004

Vulnerability Publication Date: 3/26/2004

Reference Information

BID: 9984