PHPBB.RegisterGlobals.Deregistration.Bypass

Description

This indicates a possible exploit of a buffer overflow vulnerability in phpBB, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks, bypass certain security restrictions, and compromise a vulnerable system.
This is due to some errors where global variables defined by the user are not properly unset. This can be exploited in combination with certain input validation errors to execute arbitrary HTML and script code in a user's browser session in the context of an affected site, manipulate SQL queries by injecting arbitrary SQL code, and inject and execute arbitrary PHP code. Successful exploitation requires that register_globals is enabled and that the server runs PHP 5.

Affected Products

PHPBB version 2.0.17 and prior.
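The three preconditions stated on this page (phpBB 2.0.17 or earlier, PHP 5, register_globals enabled) can be checked per host when prioritising patching. The Python below is an added example, not vendor or phpBB code; the function names and the sample php.ini text are constructed for illustration, and it reads php.ini only, so per-directory overrides (for example in web server configuration) are an assumption left out of scope.

```python
import re

# Conditions taken from the advisory text: phpBB 2.0.17 and prior,
# register_globals enabled, server runs PHP 5.
LAST_AFFECTED_PHPBB = (2, 0, 17)
TRUE_VALUES = {"1", "on", "true", "yes"}
SETTING = re.compile(r'^register_globals\s*=\s*"?([^"\s]*)"?$', re.IGNORECASE)

# Constructed sample input, not taken from any real host.
SAMPLE_INI = """\
[PHP]
; register_globals = Off   (commented out, ignored)
register_globals = Off
display_errors = Off
register_globals = On   ; re-enabled further down for a legacy app
"""

def parse_version(text):
    """Turn '2.0.17' into (2, 0, 17); reject anything but dotted digits."""
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        raise ValueError("unrecognised version: %r" % text)
    return tuple(int(part) for part in text.split("."))

def register_globals_enabled(php_ini_text):
    """Effective register_globals value from php.ini text.

    ';' starts a comment and a later assignment overrides an earlier one.
    With no assignment the result is False (PHP's default since 4.2.0).
    """
    enabled = False
    for raw in php_ini_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        match = SETTING.match(line)
        if match:
            enabled = match.group(1).lower() in TRUE_VALUES
    return enabled

def advisory_preconditions(phpbb_version, php_version, php_ini_text):
    """Report each precondition from the advisory and whether all hold."""
    checks = {
        "phpbb_affected": parse_version(phpbb_version) <= LAST_AFFECTED_PHPBB,
        "php5": parse_version(php_version)[0] == 5,
        "register_globals_on": register_globals_enabled(php_ini_text),
    }
    checks["all_met"] = all(checks.values())
    return checks
```

A host where `all_met` is true matches every condition the description lists and should be patched first; a false result only means the listed preconditions were not all found in the inputs given.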

Impact

Compromise of the affected system.

Recommended Actions

Apply appropriate patch from the vendor if available.

Coverage

IPS (Regular DB)
IPS (Extended DB)
