
phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities

Medium

Synopsis

The remote host is running phpBB, a web-based forum application written in PHP.

Description

The remote host is running phpBB, a web-based forum application written in PHP. This version of phpBB mishandles autologin failure, which allows a remote attacker to gain elevated privileges. Specifically, when an autologin fails, the 'user_id' value is reset, but the 'user_level' value remains the same. A successful attack would result in the attacker gaining access to potentially confidential data that may aid the attacker in gaining elevated privileges.

There is a second flaw in the handling of the 'file_id' parameter of the 'dlman.php' script. Specifically, a failure to properly filter out malicious characters leads to a SQL injection vulnerability. An attacker exploiting this flaw needs to be able to send HTTP requests to the server. A successful attack would lead to reading of data, writing of data, and potentially arbitrary code execution.
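The partial reset behind the autologin flaw can be seen in a simplified model. This is an added example, not phpBB's source: the function names, constants, and account data are hypothetical, and it assumes the session fields are loaded from the account named in the autologin cookie before the key is checked.

```php
<?php
// Simplified model of the flaw class; all names and values are hypothetical.
const GUEST_ID    = -1;
const LEVEL_USER  = 0;
const LEVEL_ADMIN = 1;

// Constructed sample account store: user_id => record.
$users = [
    2 => ['user_id' => 2, 'user_level' => LEVEL_ADMIN, 'autologin_key' => 'constructed-key'],
];

// Flawed pattern: on autologin failure only user_id is reset, so the
// user_level loaded from the claimed account stays in the session data.
function session_partial_reset(array $users, int $claimedId, string $key): array
{
    $session = $users[$claimedId] ?? ['user_id' => GUEST_ID, 'user_level' => LEVEL_USER];
    $stored  = $users[$claimedId]['autologin_key'] ?? null;
    if ($stored === null || !hash_equals($stored, $key)) {
        $session['user_id'] = GUEST_ID; // identity is reset, privilege level is not
    }
    unset($session['autologin_key']);
    return $session;
}

// Hardened pattern: start from a guest baseline and copy account fields
// only after the key has verified, so a failure cannot leave stale state.
function session_full_reset(array $users, int $claimedId, string $key): array
{
    $session = ['user_id' => GUEST_ID, 'user_level' => LEVEL_USER];
    $record  = $users[$claimedId] ?? null;
    if ($record !== null && hash_equals($record['autologin_key'], $key)) {
        $session['user_id']    = $record['user_id'];
        $session['user_level'] = $record['user_level'];
    }
    return $session;
}

// Regression check: a failed autologin must end at the guest privilege level.
$flawed   = session_partial_reset($users, 2, 'wrong-key');
$hardened = session_full_reset($users, 2, 'wrong-key');
if ($flawed['user_level'] !== LEVEL_USER) {
    echo "partial reset: guest session kept a privileged user_level\n";
}
if ($hardened['user_id'] !== GUEST_ID || $hardened['user_level'] !== LEVEL_USER) {
    throw new RuntimeException('hardened path leaked account state');
}
echo "full reset: guest baseline preserved\n";
```

The same invariant, that every failed authentication path ends at a complete guest baseline, is worth keeping as a regression test in any code that derives privileges from session fields.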

Solution

Upgrade to version 2.0.14 or higher.