Overview
phpBB is an open-source bulletin board program. A user input validation problem exists with regard to language settings. An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system.
Description
Version 1.4.0 and earlier have a user input validation problem that can lead to the execution of arbitrary php code. The remote user can specify what language they would like to use and phpBB will set several critical variables based on the language file loaded. If a user specifies a non-existant language, phpBB does not check if the input is valid and no language file is loaded. The intruder can use a specially crafted URL to set the variables that should have been set by the language file. The variables are then processed by eval() and the intruder's php code is executed. |
Impact
An intruder can excute arbitrary php code and gain a shell with the privileges of the web server on the system. |
Solution
Upgrade to phpBB version 1.4.1. |
Vendor Information
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | ||
| Temporal | ||
| Environmental |
References
Acknowledgements
This vulnerability was discovered by kill-9
This document was written by Jason Rafail.
Other Information
| CVE IDs: | None |
| Severity Metric: | 17.21 |
| Date Public: | 2001-08-03 |
| Date First Published: | 2001-09-10 |
| Date Last Updated: | 2001-09-13 17:34 UTC |
| Document Revision: | 11 |