Vulnerabilities > CVE-2008-1766 - Unspecified vulnerability in PHPbb 3.0.0/3.0.0Rc
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN Summary
Multiple unspecified vulnerabilities in phpBB before 3.0.1 have unknown impact and attack vectors, related to "two minor security-related bugs."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 8 |
Seebug
| bulletinFamily | exploit |
| description | BUGTRAQ ID: 28790 CVE(CAN) ID: CVE-2008-1766 phpBB是非常流行的WEB论坛程序。 phpBB没有对成员列表功能实施充分的访问限制,如果攻击者拥有有效的用户凭据并能够查看成员列表页面的话,就可以通过邮件地址搜索成员列表,这样就通过地址连接到了帐号。 phpBB没有对PM附件功能实施充分的访问限制,如果攻击者拥有有效的用户凭据、可以查看PM系统中的附件并知道附件ID的话,就可以查看其他用户的附件。 phpBB Group phpBB 3.0.0 phpBB Group ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: <a href=http://downloads.sourceforge.net/phpbb/phpBB-3.0.1-patch.tar.bz2?download target=_blank>http://downloads.sourceforge.net/phpbb/phpBB-3.0.1-patch.tar.bz2?download</a> <a href=http://downloads.sourceforge.net/phpbb/phpBB-3.0.1.tar.bz2?download target=_blank>http://downloads.sourceforge.net/phpbb/phpBB-3.0.1.tar.bz2?download</a> |
| id | SSV:3181 |
| last seen | 2017-11-19 |
| modified | 2008-04-17 |
| published | 2008-04-17 |
| reporter | Root |
| title | phpBB成员列表搜索及私人消息附件绕过安全限制漏洞 |
References
- http://www.phpbb.com/community/viewtopic.php?f=14&t=879735
- http://www.phpbb.com/community/viewtopic.php?f=14&t=879735
- http://www.vupen.com/english/advisories/2008/1236/references
- http://www.vupen.com/english/advisories/2008/1236/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41886
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41886