RE: [Fwd: phpBB 2.0.16 released]

From: ronvdaal (ronvdaal_at_zarathustra.linux666.com)
Date: 06/28/05

  • Next message: ronvdaal: "Security Advisory - phpBB 2.0.15 PHP-code injection bug"
    Date: Tue, 28 Jun 2005 23:00:31 +0200 (CEST)
    To: bugtraq@securityfocus.com
    
    

    >> The changelog (contained within this release) is as follows:
    >> - Fixed critical issue with highlighting - Discovered and fix provided by
    >> Ron van Daal
    >
    > Does anyone know what the scope of this vulnerability actually is? "Critical
    > issue" isn't really enough to go on here. Are we talking arbitrary PHP code
    > execution or something lesser like SQL injection or slipping HTML into the
    > bbCode? Neither the phpBB Changelog nor any advisories seem to mention what
    > the scope of this is. I'm guessing it's arbitrary PHP code execution based
    > on what previous vulnerabilities in phpBB have yielded, but it would be nice
    > to know for sure.

    It's highly critical. It allows one to inject PHP code.
    Please see my next message, I'm releasing my advisory.

    Kind regards,

    Syntonix

