Vulnerabilities > CVE-2003-1216 - SQL Injection vulnerability in phpBB search.php
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier allows remote attackers to execute arbitrary SQL and gain privileges via the search_id parameter.
Vulnerable Configurations
Exploit-Db
description | phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit. CVE-2003-1216. Webapps exploit for php platform |
id | EDB-ID:137 |
last seen | 2016-01-31 |
modified | 2003-12-21 |
published | 2003-12-21 |
reporter | RusH |
source | https://www.exploit-db.com/download/137/ |
title | phpBB 2.0.6 - search_id SQL Injection MD5 Hash Remote Exploit |
Nessus
NASL family | CGI abuses |
NASL id | PHPBB_SQL_INJECTION2.NASL |
description | The remote host is running a version of phpBB older than 2.0.7. There is a flaw in the remote software that could allow anyone to inject arbitrary SQL commands, which may in turn be used to gain administrative access on the remote host or to obtain the MD5 hash of the password of any user. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 11938 |
published | 2003-12-04 |
reporter | This script is Copyright (C) 2003-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/11938 |
title | phpBB < 2.0.7 Multiple Script SQL Injection |
code |
|