Detections
Analytics

phpBB < 3.0.2 Multiple Information Disclosure Vulnerabilities

medium Nessus Network Monitor Plugin ID 4585

Synopsis

The remote host is missing a critical security patch or upgrade.

Description

According to its banner, the remote host is running a version of phpBB that is vulnerable to several flaws. While the vendor has not released specific information regarding the flaws, it is believed that an attacker would be able to redirect valid phpBB users to malicious sites.

Solution

Upgrade to version 3.0.2 or higher.

See Also

http://www.phpbb.com/community/viewtopic.php?f=14&t=1059565&sid=2d3a6352a484588e1ad80f09dd19fe33

Plugin Details

Severity: Medium

ID: 4585

Family: CGI

Published: 8/18/2004

Updated: 3/6/2019

Risk Information

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.5

Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:X

Reference Information

BID: 30222