phpBB2 privmsg.php SQL Injection Vulnerability

A SQL injection vulnerability has been reported for phpBB2 systems that may result in the deletion of all private messages.

phpBB2, in some cases, does not sufficiently sanitize user-supplied input which is used when constructing SQL queries to execute on the underlying database. As a result, it is possible to manipulate SQL queries. This may allow a remote attacker to modify query logic or potentially corrupt the database.

A remote attacker can exploit this vulnerability by manipulating URI parameters to cause the text of all private messages to be deleted.
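
The weak query-building pattern described above, next to a hardened form, as an added example that is not phpBB2 code and not part of the original advisory. It uses Python with SQLite so it runs self-contained; the table, columns, function names and the malformed request value are constructed assumptions, since the advisory does not name the affected parameter or query.

```python
import re
import sqlite3

# Constructed request value that is not a plain list of message ids.
MALFORMED = "1) OR (1=1"


def make_db():
    # Hypothetical schema and constructed rows, not phpBB2's real tables.
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE pm_text (msg_id INTEGER PRIMARY KEY, owner_id INTEGER, body TEXT)"
    )
    db.executemany(
        "INSERT INTO pm_text VALUES (?, ?, ?)",
        [(1, 10, "hello"), (2, 10, "draft"), (3, 20, "another user's mail")],
    )
    return db


def remaining(db):
    # Number of private-message rows still stored.
    return db.execute("SELECT COUNT(*) FROM pm_text").fetchone()[0]


def delete_unsafe(db, owner_id, raw_ids):
    # Weak pattern: the request value is pasted into the SQL text, so the
    # database parses it as SQL and it can rewrite the WHERE clause.
    sql = f"DELETE FROM pm_text WHERE owner_id = {owner_id} AND msg_id IN ({raw_ids})"
    db.execute(sql)


def delete_safe(db, owner_id, raw_ids):
    # Hardened pattern: accept only short decimal ids, then bind every value
    # as a parameter so none of it is ever parsed as SQL.
    ids = []
    for part in raw_ids.split(","):
        part = part.strip()
        if not re.fullmatch(r"[0-9]{1,10}", part):
            raise ValueError(f"rejected message id: {part!r}")
        ids.append(int(part))
    marks = ",".join("?" * len(ids))
    sql = f"DELETE FROM pm_text WHERE owner_id = ? AND msg_id IN ({marks})"
    db.execute(sql, [owner_id, *ids])
```

With the malformed value, `delete_unsafe` removes every row in the table, while `delete_safe` raises before any SQL runs and, on valid input, only touches rows owned by the requesting user.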

Copyright 2009, SecurityFocus