Vulnerabilities > CVE-2003-0486 - Unspecified vulnerability in PHPbb Group PHPbb
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earlier allows remote attackers to steal password hashes via the topic_id parameter.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 1 |
Exploit-Db
| description | phpBB 2.0.5 SQL Injection password disclosure Exploit. CVE-2003-0486. Webapps exploit for php platform |
| id | EDB-ID:44 |
| last seen | 2016-01-31 |
| modified | 2003-06-20 |
| published | 2003-06-20 |
| reporter | Rick Patel |
| source | https://www.exploit-db.com/download/44/ |
| title | phpBB 2.0.5 - SQL Injection password disclosure Exploit |
Nessus
| NASL family | CGI abuses |
| NASL id | PHPBB_SQL_INJECTION.NASL |
| description | There is a flaw in the version of phpBB hosted on the remote web server that may allow anyone to inject arbitrary SQL commands, which could in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. |
| last seen | 2020-06-01 |
| modified | 2020-06-02 |
| plugin id | 11767 |
| published | 2003-06-19 |
| reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
| source | https://www.tenable.com/plugins/nessus/11767 |
| title | phpBB viewtopic.php topic_id Parameter SQL Injection |
References
- http://marc.info/?l=bugtraq&m=105607263130644&w=2
- http://marc.info/?l=bugtraq&m=105607263130644&w=2
- http://www.phpbb.com/phpBB/viewtopic.php?t=112052
- http://www.phpbb.com/phpBB/viewtopic.php?t=112052
- http://www.securityfocus.com/bid/7979
- http://www.securityfocus.com/bid/7979
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12366
- https://exchange.xforce.ibmcloud.com/vulnerabilities/12366