• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: PHPBB 'bb_memberlist.php' Remote SQL Query Manipulation Vulnerability

Severity: HIGH

Description:

phpBB is free, open-source forums software that is written in PHP and backended by MySQL.

A vulnerability exists in phpBB which makes it possible for a malicious user to remotely manipulate the logic of SQL queries.

The following is an excerpt of the vulnerable code:

---

switch($sortby) {
case '':
[...]
case 'posts':
[...]
}

$sql = "SELECT * FROM users WHERE [...] ORDER BY $sortby";

---

This issue is caused by a missing "default:" label in a 'switch' block in 'bb_memberlist.php'. As a result, it may be possible to view, delete or modify data in the MySQL database.

Affected Products:

• phpBB Group phpBB 1.4.2

References:

• phpBB: phpBB Homepage

Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.