• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

PHPBB Privmsg.PHP SQL Injection Vulnerability

Bugtraq ID:	9984
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 26 2004 12:00AM
Updated:	Mar 26 2004 12:00AM
Credit:	Discovery of this issue is credited to Janek Vind <come2waraxe@yahoo.com>
Vulnerable:	PNphpBB PNphpBB 1.2 g PNphpBB PNphpBB 1.2 f PNphpBB PNphpBB 1.2 phpBB Group phpBB 2.0.8 phpBB Group phpBB 2.0.7 a phpBB Group phpBB 2.0.7 phpBB Group phpBB 2.0.6 d phpBB Group phpBB 2.0.6 c phpBB Group phpBB 2.0.6 phpBB Group phpBB 2.0.5 phpBB Group phpBB 2.0.4 phpBB Group phpBB 2.0.3 phpBB Group phpBB 2.0.2 phpBB Group phpBB 2.0.1 phpBB Group phpBB 2.0 .0 phpBB Group phpBB 2.0 RC4 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC3 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC2 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 RC1 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 phpBB Group phpBB 2.0 Beta 1 - Apache Software Foundation Apache 1.3.9 - Apache Software Foundation Apache 1.3.9 Francisco Burzi PHP-Nuke 7.1 Francisco Burzi PHP-Nuke 7.0 FINAL Francisco Burzi PHP-Nuke 7.0 Francisco Burzi PHP-Nuke 6.9 Francisco Burzi PHP-Nuke 6.7 Francisco Burzi PHP-Nuke 6.6 Francisco Burzi PHP-Nuke 6.5 RC3 Francisco Burzi PHP-Nuke 6.5 RC2 Francisco Burzi PHP-Nuke 6.5 RC1 Francisco Burzi PHP-Nuke 6.5 FINAL Francisco Burzi PHP-Nuke 6.5 BETA 1 Francisco Burzi PHP-Nuke 6.5 Francisco Burzi PHP-Nuke 6.0
Not Vulnerable: