PHPBB URL Tag BBCode.PHP Vulnerability
The phpBB vendor reports that a critical vulnerability exists in the BBCode handling routines of the 'bbcode.php' script.
User-supplied input to the BBCode [url] tag is not properly sanitized. This could permit the injection of arbitrary HTML or script code into the browser of an unsuspecting user in the context of the affected site.
Class: Input Validation Error
CVE: CVE-MAP-NOMATCH
Remote: Yes
Local: No
Published: May 09 2005 12:00AM
Updated: Jun 02 2005 08:09PM
Credit: Discovery of this issue is credited to Papados.
Vulnerable:
phpBB Group phpBB 2.0.14
phpBB Group phpBB 2.0.13
phpBB Group phpBB 2.0.12
phpBB Group phpBB 2.0.11
phpBB Group phpBB 2.0.10
phpBB Group phpBB 2.0.9
phpBB Group phpBB 2.0.8 a
phpBB Group phpBB 2.0.8
phpBB Group phpBB 2.0.7 a
phpBB Group phpBB 2.0.7
phpBB Group phpBB 2.0.6 d
phpBB Group phpBB 2.0.6 c
phpBB Group phpBB 2.0.6
phpBB Group phpBB 2.0.5
phpBB Group phpBB 2.0.4
phpBB Group phpBB 2.0.3
phpBB Group phpBB 2.0.2
phpBB Group phpBB 2.0.1
phpBB Group phpBB 2.0.0
phpBB Group phpBB 2.0 RC4
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC3
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC2
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 RC1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
phpBB Group phpBB 2.0 Beta 1
- Apache Software Foundation Apache 1.3.9
- Apache Software Foundation Apache for Windows 1.3.9
Not Vulnerable: phpBB Group phpBB 2.0.15
from www.securityfocus.com
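The class of fix the advisory points at, as an added example that is not phpBB's own code and not part of the original post: a [url] renderer that allowlists the URL scheme and escapes both the attribute and the link text. The function names `render_url_tag` and `render_post`, the scheme list and the sample posts are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helpers, not taken from phpBB's bbcode.php.
const ALLOWED_SCHEMES = ['http', 'https', 'ftp']; // assumed allowlist

// Return a safe <a> element for one [url] tag, or the escaped literal tag
// text when the target is not an allowlisted absolute URL.
function render_url_tag(string $target, string $label): string
{
    $literal = htmlspecialchars('[url=' . $target . ']' . $label . '[/url]', ENT_QUOTES, 'UTF-8');
    // Whitespace and control characters can hide a scheme from naive checks.
    if (preg_match('/[\x00-\x20\x7f]/', $target)) {
        return $literal;
    }
    $scheme = parse_url($target, PHP_URL_SCHEME);
    if (!is_string($scheme) || !in_array(strtolower($scheme), ALLOWED_SCHEMES, true)) {
        return $literal;
    }
    // Escape for the attribute context (quotes included) and the text context.
    $href = htmlspecialchars($target, ENT_QUOTES, 'UTF-8');
    $text = htmlspecialchars($label, ENT_QUOTES, 'UTF-8');
    return '<a href="' . $href . '" rel="nofollow noopener">' . $text . '</a>';
}

// Render every [url=...]...[/url] pair; all other text is escaped as plain text.
function render_post(string $post): string
{
    $out = '';
    $pos = 0;
    $flags = PREG_SET_ORDER | PREG_OFFSET_CAPTURE;
    preg_match_all('/\[url=([^\]]*)\](.*?)\[\/url\]/is', $post, $matches, $flags);
    foreach ($matches as $m) {
        [$full, $start] = $m[0];
        $out .= htmlspecialchars(substr($post, $pos, $start - $pos), ENT_QUOTES, 'UTF-8');
        $out .= render_url_tag($m[1][0], $m[2][0]);
        $pos = $start + strlen($full);
    }
    return $out . htmlspecialchars(substr($post, $pos), ENT_QUOTES, 'UTF-8');
}

// Constructed sample posts: a normal link, a disallowed scheme, and a target
// and label containing characters that must be escaped.
$samples = [
    'See [url=https://example.test/page?a=1&b=2]the docs[/url]',
    '[url=javascript:void(0)]click[/url]',
    '[url=http://example.test/?q="a"]<b>label</b>[/url]',
];
foreach ($samples as $s) {
    echo render_post($s), PHP_EOL;
}
```

The second sample is emitted as escaped literal text rather than a link, and the quotes and angle brackets in the third come out as HTML entities.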
Oops! What's this BBS version?
I like that CouCou box

Sincerely,
Gonçalo "gesf" Fontoura
gesf.org | sessionstart.com | urlms.com
- Alexej Kubarev
- Site Admin
- Posts: 2213
- Joined: Fri Mar 05, 2004 7:15 am
- Location: Täby, Stockholms län