HTTP: phpBB search_id SQL Injection

This signature detects attempts to exploit a known vulnerability in phpBB, an open-source bulletin board package. The search_id parameter in phpBB is vulnerable to SQL injection. Attackers can query private data (such as hashed passwords) and then embed the password in a cookie to gain administrative access to the Web site.

Extended Description

It has been reported that phpBB may be prone to a SQL injection vulnerability that may allow an attacker to disclose sensitive information by supplying malicious SQL code to the underlying database. phpBB version 2.06 has been prone to this issue; however, other versions may be affected as well.

Affected Products

Phpbb_group phpbb

Short Name: HTTP:PHP:PHPBB:SEARCH-INJECT
Severity: Minor
Recommended: False
Recommended Action: None
Category: HTTP
Keywords: CVE-2003-1216 Injection SQL bid:9122 phpBB search_id
Release Date: 12/04/2003
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version: 3375
False Positive: Unknown
Vendors

Phpbb_group

CVSS Score

7.5
