Vulnerabilities > CVE-2010-1630 - Unspecified vulnerability in PHPbb
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
Unspecified vulnerability in posting.php in phpBB before 3.0.5 has unknown impact and attack vectors related to the use of a "forum id" in circumstances related to a "global announcement."
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 14 |
Seebug
| bulletinFamily | exploit |
| description | CVE(CAN) ID: CVE-2010-1630 phpBB是非常流行的WEB论坛程序。 phpBB的posting.php脚本在对张贴执行某些操作时没有正确地验证论坛ID,远程攻击者可以绕过预期的安全限制执行非授权操作。 phpBB < 3.0.5 厂商补丁: phpBB Group ----------- 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://code.phpbb.com/repositories/diff/phpbb/branches/phpBB-3_0_0/phpBB/posting.php?rev=9499 |
| id | SSV:19679 |
| last seen | 2017-11-19 |
| modified | 2010-05-24 |
| published | 2010-05-24 |
| reporter | Root |
| title | phpBB < 3.0.5 posting.php脚本错误权限检查漏洞 |
References
- http://github.com/phpbb/phpbb3/commit/4ea3402f9363c9259881bc8ea6ce7fc6cb212657
- http://www.openwall.com/lists/oss-security/2010/05/16/1
- http://www.openwall.com/lists/oss-security/2010/05/18/12
- http://www.openwall.com/lists/oss-security/2010/05/19/5
- http://www.phpbb.com/community/viewtopic.php?f=14&p=9764445