phpBB Updates

[WiZARD]

PHPBB URL Tag BBCode.PHP Vulnerability

The phpbb vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script.

The bbcode [url] tag is not properly sanitized of user-supplied input. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.

PHPBB URL Tag BBCode.PHP Vulnerability

Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Published: May 09 2005 12:00AM
Updated: Jun 02 2005 08:09PM
Credit: Discovery of this issue is credited to Papados.
Vulnerable:
phpBB Group phpBB 2.0.14
phpBB Group phpBB 2.0.13
phpBB Group phpBB 2.0.12
phpBB Group phpBB 2.0.11
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.9
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0 .0
phpBB Group phpBB 2.0 RC4
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC3
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC2
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 Beta 1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9

Not Vulnerable: phpBB Group phpBB 2.0.15

from www.securityfocus.com

[gesf]

Ops! What's this BBS version?
I like that CouCou box

[Alexei Kubarev]

if you ment this forums version: always the latest

[gesf]

[Alexei Kubarev]

gesf: we are not THAT stupid... not yet anyways... oh well.. not that we know..
hehe..