HTTP: phpBB Language Preference Arbitrary File Execution
This signature detects attempts to exploit a vulnerability in the prefs.php script that ships with phpBB 1.4. Attackers can send a maliciously crafted request to prefs.php to execute files on the host as a PHP script.
Extended Description
A SQL injection vulnerability has been reported in phpBB2. phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries. As a result, attackers may supply malicious parameters to manipulate the structure and logic of SQL queries. This may result in unauthorized operations being performed on the underlying database. This issue may be exploited to cause sensitive information to be disclosed to a remote attacker.
Affected Products
Phpbb_group phpbb
Short Name
HTTP:PHP:PHPBB:LANG-EXEC
Severity
Minor
Recommended
False
Recommended Action
None
Category
HTTP
Keywords
Arbitrary Execution File Language Preference bid:6888 phpBB
Release Date
04/22/2003
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Phpbb_group