GEN:SID | 1:2229 |
Message | WEB-PHP viewtopic.php access |
Summary | This event is generated when an attempt is made to exploit a known vulnerability in the PHP application phpBB.
|
Impact | Information disclosure possibly leading to serious system compromise.
|
Detailed Information | Some versions of phpBB Group phpBB suffer from a vulnerability that allows an attacker to inject SQL queries of their choosing.
This can result in the disclosure of passwords and other information stored in the database. The data contained in the database may also be corrupted by a malicious SQL query.
|
Affected Systems | phpBB Group phpBB 2.0.4, 2.0.5
|
Attack Scenarios | The attacker can execute one of the publicly available exploit scripts. |
Ease of Attack | Simple. Exploit code exists.
|
Corrective Action | Upgrade to the latest non-affected version of the software.
|
Additional References | |
Rule References | bugtraq: 7979
cve: 2003-0486
nessus: 11767
|