FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- remote PHP code execution vulnerability

Affected packages
phpbb < 2.0.16

Details

VuXML ID 4afacca1-eb9d-11d9-a8bd-000cf18bbe54
Discovery 2005-06-28
Entry 2005-07-03
Modified 2005-07-07

FrSIRT Advisory reports:

A vulnerability was identified in phpBB, which may be exploited by attackers to compromise a vulnerable web server. This flaw is due to an input validation error in the "viewtopic.php" script that does not properly filter the "highlight" parameter before calling the "preg_replace()" function, which may be exploited by remote attackers to execute arbitrary PHP commands with the privileges of the web server.

References

CVE Name CVE-2005-2086
URL http://www.frsirt.com/english/advisories/2005/0904
URL http://www.phpbb.com/phpBB/viewtopic.php?t=302011