Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0473

Overview

Vulnerability Score 10.0 10.0
CVE Id CVE-2002-0473
Last Modified 16 Jul 2013 10:20:55
Published 12 Aug 2002 12:00:00
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0473

Summary

db.php in phBB 2.0 (aka phBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

Vulnerable Systems

Application

  • Phpbb Group Phpbb 2.0 Beta1

  • Phpbb Group Phpbb 2.0 Rc1

  • Phpbb Group Phpbb 2.0 Rc2

  • Phpbb Group Phpbb 2.0 Rc3


References

BID - 4380

XF - phpbb-db-command-execution(8476)

CONFIRM - http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip

MISC - http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483

VULN-DEV - 20020318 phpBB2 remote execution command

OSVDB - 4268

BUGTRAQ - 20020318 Re: phpBB2 remote execution command (fwd)


Last Updated: 27 May 2016 10:36:56