phpBB 'bbcode.php' Input Validation Flaw May Let Remote Users Execute Arbitrary Scripting Code
SecurityTracker Alert ID: 1013918|
SecurityTracker URL: http://securitytracker.com/id/1013918
(Links to External Site)
Date: May 9 2005
Execution of arbitrary code via network, User access via network|
Fix Available: Yes Vendor Confirmed: Yes |
Version(s): prior to 2.0.15|
Paul Laudanski reported a vulnerability in phpBB in the processing of BBCode. A remote user may be able to cause scripting code to be executed by the target user.|
The make_clickable() function in the 'includes/bbcode.php' file does not properly validate user-supplied BBCode URLs. A remote user can create specially crafted BBCode that may be able to cause arbitrary scripting code to be executed by the target user's browser.
Papados from CastleCops discovered this vulnerability.
A remote user may be able to cause arbitrary scripting code to be executed by the target user's browser.|
The vendor has released a fixed version (2.0.15), available at:|
Vendor URL: www.phpbb.com/phpBB/viewtopic.php?f=14&t=288194 (Links to External Site)
Input validation error|
|Underlying OS: Linux (Any), UNIX (Any), Windows (Any)|
This archive entry has one or more follow-up message(s) listed below.|
Source Message Contents
Subject: phpbb 2.0.15 released - patches high critical vuln|
I don't normally send an email about updated packages, but this one fixes
a potentially serious issue.
A high risk bbcode.php vulnerability is patched with this version, at the
very least please patch it via the link above. It was discovered by
Papados and patched by myself. In agreement with phpbb.com, we'll
(CastleCops) release the full details in five days. A CVE has been
Alt Src: http://isc.sans.org/diary.php?date=2005-05-07
Paul Laudanski .. Computer Cops, LLC.
Microsoft MVP Windows-Security 2005
MVP Blog http://msmvps.com/castlecops
CCW Wiki http://wiki.castlecops.com
BHO/TB CLSIDs: http://castlecops.com/CLSID.html
________ Information from Computer Cops, L.L.C. ________
This message was checked by NOD32 Antivirus System for Linux Mail Server.
part000.txt - is OK