[39329] in bugtraq
RE: [Fwd: phpBB 2.0.16 released]
daemon@ATHENA.MIT.EDU (ronvdaal)
Tue Jun 28 18:43:23 2005
Date: Tue, 28 Jun 2005 23:00:31 +0200 (CEST)
From: ronvdaal <ronvdaal@zarathustra.linux666.com>
To: bugtraq@securityfocus.com
In-Reply-To: <NGEHLEPKOGIHAIJAMDPKGECGCKAA.bugtraq@secur1ty.net>
Message-ID: <20050628225811.U90936@zarathustra.linux666.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
>> The changelog (contained within this release) is as follows:
>> - Fixed critical issue with highlighting - Discovered and fix provided by
>> Ron van Daal
>
> Does anyone know what the scope of this vulnerability actually is? "Critical
> issue" isn't really enough to go on here. Are we talking arbitrary PHP code
> execution or something lesser like SQL injection or slipping HTML into the
> bbCode? Neither the phpBB Changelog or any advisories seem to mention what
> the scope of this is. I'm guessing it's arbitrary PHP code execution based
> on what previous vulnerabilities in phpBB have yielded, but it would be nice
> to know for sure.
It's highly critical. It allows one to inject PHP code.
Please see my next message, I'm releasing my advisory.
Kind regards,
Syntonix
