FreeBSD : Critical SQL injection in phpBB (70f5b3c6-80f0-11d8-9645-0020ed76ef5a)

High Nessus Plugin ID 36773


The remote FreeBSD host is missing a security-related update.


Anyone can get admin's username and password's md5 hash via a single web request. A working example is provided in the advisory.


Update the affected package.

See Also

Plugin Details

Severity: High

ID: 36773

File Name: freebsd_pkg_70f5b3c680f011d896450020ed76ef5a.nasl

Version: $Revision: 1.15 $

Type: local

Published: 2009/04/23

Modified: 2016/12/08

Dependencies: 12634

Risk Information

Risk Factor: High

Temporal Vector: CVSS2#E:ND/RL:U/RC:ND

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:phpbb, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: No exploit is required

Patch Publication Date: 2004/03/28

Vulnerability Publication Date: 2004/03/26

Reference Information

BID: 9984