Vulnerabilities > CVE-2003-0486 - SQL Injection vulnerability in phpBB Viewtopic.PHP

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
phpbb-group
nessus
exploit available

Summary

SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.

Vulnerable Configurations

Part Description Count
Application
Phpbb_Group
1

Exploit-Db

descriptionphpBB 2.0.5 SQL Injection password disclosure Exploit. CVE-2003-0486. Webapps exploit for php platform
idEDB-ID:44
last seen2016-01-31
modified2003-06-20
published2003-06-20
reporterRick Patel
sourcehttps://www.exploit-db.com/download/44/
titlephpBB 2.0.5 - SQL Injection password disclosure Exploit

Nessus

NASL familyCGI abuses
NASL idPHPBB_SQL_INJECTION.NASL
descriptionThere is a flaw in the version of phpBB hosted on the remote web server that may allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user.
last seen2020-06-01
modified2020-06-02
plugin id11767
published2003-06-19
reporterThis script is Copyright (C) 2003-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/11767
titlephpBB viewtopic.php topic_id Parameter SQL Injection