phpBB: HTML code injection attempt
Description
Using the signature_bbcode_uid parameter, an attacker could use a specially crafted URL to execute arbitrary code on the server.
Default
configuration
Profiles
High
Medium
Low
Internet
Action
Block
Block
Pass
Block
Alarm Level
Minor
Minor
Minor
Minor
References
URL:
http://www.hardened-php.net/advisory_172005.75.html
URL:
http://www.frsirt.com/exploits/20051224.r57phpbb2017.pl.php
Available since
ASQ v3.2.0
Protects
phpBB Remote Command Execution and SQL Injection Vulnerabilities
100 last CVE
CVE-2005-3419
CVE-2005-3418
CVE-2005-3417
CVE-2005-3416
CVE-2005-3415
Risk level
Moderate
