CERTA-2005-AVI-096

Vulnerability from certfr_avis - Published: 2005-03-02 - Updated: 2005-07-11

Two vulnerabilities have been discovered in the phpBB tool.

Description

The phpBB tool is used to set up forums on the Internet. The first vulnerability, located in the file sessions.php, makes it possible to obtain the forum administrator's rights. The second vulnerability, located in the file viewtopic.php, makes it possible to view the directory tree of the web directory.

Solution

Version 2.0.13 fixes these vulnerabilities.

phpBB versions 2.0.12 and earlier.


{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cTT\u003ephpBB\u003c/TT\u003e versions 2.0.12 et  ant\u00e9rieures.",
  "content": "## Description\n\nL\u0027outil phpBB est utilis\u00e9 pour la mise en place de forums sur\nl\u0027Internet. La premi\u00e8re vuln\u00e9rabilit\u00e9, pr\u00e9sente dans le fichier\nsessions.php, permet d\u0027obtenir les droits de l\u0027administrateur du forum.\nLa seconde vuln\u00e9rabilit\u00e9, pr\u00e9sente dans le fichier viewtopic.php, permet\nde visualiser l\u0027arborescence du r\u00e9pertoire web.\n\n## Solution\n\nLa version 2.0.13 corrige ces vuln\u00e9rabilit\u00e9s.\n",
  "cves": [],
  "initial_release_date": "2005-03-02T00:00:00",
  "last_revision_date": "2005-07-11T00:00:00",
  "links": [
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE id=204 du 02.22.05 :",
      "url": "http://www.idefense.com/application/poi/display?id=204\u0026type=vulnerabilities"
    },
    {
      "title": "Bulletins de s\u00e9curit\u00e9 FreeBSD du 28 f\u00e9vrier 2005 et du 09    juillet 2005 :",
      "url": "http://www.vuxml.org/freebsd/pkg-phpbb.html"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 iDEFENSE id=205 du 02.22.05 :",
      "url": "http://www.idefense.com/application/poi/display?id=205\u0026type=vulnerabilities"
    },
    {
      "title": "Bulletin de s\u00e9curit\u00e9 Gentoo GLSA 2005:03-02 du 01 mars 2005    :",
      "url": "http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml"
    },
    {
      "title": "Site de phpBB :",
      "url": "http://www.phpbb.com"
    }
  ],
  "reference": "CERTA-2005-AVI-096",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2005-03-02T00:00:00.000000"
    },
    {
      "description": "ajout des bulletins de s\u00e9curit\u00e9 iDEFENSE id=204 et id=205, du bulletin suppl\u00e9mentaire FreeBSD ainsi que des r\u00e9f\u00e9rences CVE CAN-2005-0258 et CVE CAN-2005-0259.",
      "revision_date": "2005-07-11T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Obtention des droits de l\u0027administrateur du forum"
    }
  ],
  "summary": "Deux vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans l\u0027outil phpBB.\n",
  "title": "Vuln\u00e9rabilit\u00e9s dans phpBB",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Message post\u00e9 sur le site de phpBB le 27 f\u00e9vrier 2005",
      "url": "http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=267563"
    }
  ]
}

