phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities
Medium Nessus Network Monitor Plugin ID 2674
Synopsis
The remote host is running phpBB, a web-based forum application written in PHP.

Description
The remote host is running phpBB, a web-based forum application written in PHP. There is a flaw in this version of phpBB that will allow a remote attacker to gain elevated privileges due to a flaw in the way that phpBB handles autologin failure. Specifically, when an autologin fails, the 'user_id' value is reset, but the 'user_level' value remains the same. A successful attack would result in the attacker gaining access to potentially confidential data that may aid the attacker in gaining elevated privileges.

There is a second flaw within the 'file_id' parameter of the 'dlman.php' script. Specifically, a failure to properly parse out malicious characters leads to a SQL injection vulnerability. An attacker exploiting this flaw needs to be able to send HTTP requests to the server. A successful attack would lead to reading of data, writing of data, and potentially arbitrary code execution.

Solution
Upgrade to version 2.0.14 or higher.