• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

phpBB 'viewtopic.php' Remote Code Execution Vulnerability

Bugtraq ID:	14086
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jun 28 2005 12:00AM
Updated:	Feb 05 2008 02:16PM
Credit:	Discovery of this vulnerability is credited to ronvdaal <ronvdaal@zarathustra.linux666.com>.
Vulnerable:	PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 phpBB Group phpBB 2.0.15 phpBB Group phpBB 2.0.14 phpBB Group phpBB 2.0.13 + Debian Linux 3.1 sparc + Debian Linux 3.1 s/390 + Debian Linux 3.1 ppc + Debian Linux 3.1 mipsel + Debian Linux 3.1 mips + Debian Linux 3.1 m68k + Debian Linux 3.1 ia-64 + Debian Linux 3.1 ia-32 + Debian Linux 3.1 hppa + Debian Linux 3.1 arm + Debian Linux 3.1 alpha + Debian Linux 3.1 phpBB Group phpBB 2.0.12 phpBB Group phpBB 2.0.11 phpBB Group phpBB 2.0.10 phpBB Group phpBB 2.0.9 phpBB Group phpBB 2.0.8 a phpBB Group phpBB 2.0.8 phpBB Group phpBB 2.0.7 a phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 d phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 phpBB Group phpBB 2.0 RC4 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC3 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC2 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC1 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 Beta 1 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 1.4.4 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 1.4.2 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 1.4.1 phpBB Group phpBB 1.4 .0 phpBB Group phpBB 1.2.1 phpBB Group phpBB 1.2 .0 phpBB Group phpBB 1.0 .0 Gentoo Linux
Not Vulnerable:	phpBB Group phpBB 2.0.16 phpBB Group phpBB 2.0.11