phpBB.Viewtopic.Highlight.Code.Execution
Description
This indicates a possible attempt to exploit a Remote Code Execution Vulnerability in phpBB bulletin board package.
phpBB is a high powered, fully scalable, and highly customizable
Open Source bulletin board package. A vulnerability has been reported in phpBB that may allow an attacker to execute shell commands on a vulnerable system. This is possible because the user input filters fail to properly sanitize the highlight parameter value that is passed to "viewtopic.php". An attacker may include shell commands by supplying an injection string through the URL and a good string through POST or the COOKIE.
Affected Products
phpBB 2.0.15 and prior versions.
Impact
System Compromise: Remote attackers can gain control of vulnerable systems
Recommended Actions
Upgrade to phpBB 2.0.16 or later versions from the following URL:
Telemetry
Coverage
IPS (Regular DB) | |
IPS (Extended DB) |
Version Updates
Date | Version | Detail |
---|---|---|
2019-11-22 | 15.729 | Name:PHPBB. Viewtopic. Highlight. Code. Execution:phpBB. Viewtopic. Highlight. Code. Execution |