Vulnerabilities > CVE-2005-0614 - Remote Security vulnerability in phpBB
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.
Vulnerable Configurations
Exploit-Db
description phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial 2). CVE-2005-0614. Webapps exploit for php platform id EDB-ID:871 last seen 2016-01-31 modified 2005-03-11 published 2005-03-11 reporter Ali7 source https://www.exploit-db.com/download/871/ title phpBB <= 2.0.12 Session Handling Authentication Bypass tutorial 2 description phpBB <= 2.0.12 Change User Rights Authentication Bypass. CVE-2005-0614. Webapps exploit for php platform id EDB-ID:889 last seen 2016-01-31 modified 2005-03-21 published 2005-03-21 reporter Kutas source https://www.exploit-db.com/download/889/ title phpBB <= 2.0.12 Change User Rights Authentication Bypass description phpBB. CVE-2005-0614. Webapps exploit for php platform id EDB-ID:897 last seen 2016-01-31 modified 2005-03-24 published 2005-03-24 reporter str0ke source https://www.exploit-db.com/download/897/ title phpBB <= 2.0.12 - Change User Rights Authentication Bypass c code
Nessus
NASL family | CGI abuses |
NASL id | PHPBB_2_0_12.NASL |
description | The remote host is running a version of phpBB that suffers from a session handling flaw allowing a remote attacker to gain access to any account, including that of an administrator. Also, there is a path disclosure bug in |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 17225 |
published | 2005-02-28 |
reporter | This script is Copyright (C) 2005-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/17225 |
title | phpBB <= 2.0.12 Multiple Vulnerabilities |
code |
|