• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

phpBB Memberlist Search And Private Message Attachment Mutliple Security Bypass Vulnerabilities

phpBB is prone to two vulnerabilities that attackers can leverage to bypass security restrictions. These issues affect the memberlist search and the private-message attachment features.

Authenticated attackers can exploit these issues to determine the private email addresses of arbitrary users and to view files that are attached to private messages between arbitrary users. Information harvested in successful exploits will aid in further attacks.

phpBB 3.0.0 is vulnerable; prior versions may also be affected.