phpBB Administrator Session Handling Critical Security Update

http://www.k-otik.com/english/advisories/2005/0212

phpBB Administrator Session Handling Critical Security Update

K-OTik Security Advisory : KOTIK/ADV-2005-0212
CVE Reference : GENERIC-MAP-NOMATCH
Rated as : High
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2005-02-28

* Technical Description *

Two vulnerabilities were reported in phpBB, which may be exploited by attackers to determine the installation path or bypass certain security features. The first problem resides in the "autologinid" variable (includes/sessions.php) and could be exploited by malicious users to gain administrator rights. The second flaw resides in the "viewtopic.php" script and could be exploited to disclose the webroot path.

* Affected Products *

phpBB version 2.0.12 and prior

* Solution *

phpBB version 2.0.13 :
http://www.phpbb.com/downloads.php

* References *

http://www.k-otik.com/english/advisories/2005/0212
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=267563

* ChangeLog *

2005-02-28 : Original Advisory

ㅡ.ㅡ;