phpBB < 3.0.2 Multiple Information Disclosure Vulnerabilities

High Nessus Network Monitor Plugin ID 4585

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

According to its banner, the remote host is running a version of phpBB that is vulnerable to several flaws. While the vendor has not released specific information regarding the flaws, it is believed that an attacker would be able to redirect valid phpBB users to malicious sites.

Solution

Upgrade to version 3.0.2 or higher.

See Also

http://www.phpbb.com/community/viewtopic.php?f=14&amp;t=1059565&amp;sid=2d3a6352a484588e1ad80f09dd19fe33

Plugin Details

Severity: High

ID: 4585

Family: CGI

Published: 2004/08/18

Modified: 2016/01/22

Dependencies: 1442

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:ND

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:X

Reference Information

BID: 30222