phpBB 1.x/2.0.x – Multiple Input Validation Vulnerabilities

29次阅读
没有评论

phpBB 1.x/2.0.x – Multiple Input Validation Vulnerabilities

漏洞ID 1054421 漏洞类型
发布时间 2004-03-22 更新时间 2004-03-22
phpBB 1.x/2.0.x - Multiple Input Validation VulnerabilitiesCVE编号 N/A
 		phpBB 1.x/2.0.x - Multiple Input Validation VulnerabilitiesCNNVD-ID N/A
漏洞平台 PHP CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23866
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9942/info

It has been reported that phpBB may be prone to multiple vulnerabilities that could allow an attacker to carry out SQL injection and cross-site scripting attacks. These vulnerabilities result from insufficient sanitization of user-supplied input via the 'id' parameter of 'admin_smilies.php' module and the 'style_id' parameter of 'admin_styles' module.

phpBB versions 2.0.7a and prior are reported to be prone to these issues.

admin_smilies.php?mode=edit&id=[SQL]
admin_smilies.php?mode=delete&id=[SQL]
admin_smilies.php?mode=edit&id=[XSS]
admin_smilies.php?mode=delete&id=[XSS]
admin_styles.php?mode=edit&style_id=[SQL]
admin_styles.php?mode=delete&style_id=[SQL]
admin_styles.php?mode=edit&style_id=[XSS]
admin_styles.php?mode=delete&style_id=[XSS]

相关推荐: Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability

Microsoft FrontPage 2000 Server Extensions Denial Of Service Vulnerability 漏洞ID 1103991 漏洞类型 Failure to Handle Exceptional Conditi…

正文完
multiple phpbb 漏洞
发表至: 网络安全漏洞
2021年4月9日
 0
文章搜索
热门文章
随机文章