ktauber.com Styles Demo MOD for phpBB Multiple Input Validation Vulnerabilities
BID:25710
Info
| Bugtraq ID: | 25710 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-4984 |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 18 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | nexen credited with the discovery of these vulnerabilities. |
| Vulnerable: | ktauber.com Styles Demo MOD 0.9.9 |
| Not Vulnerable: | |
Discussion
ktauber.com Styles Demo MOD for phpBB is prone to multiple input-validation vulnerabilities, including an SQL-injection issue and a cross-site scripting issue, because it fails to sufficiently sanitize user-supplied data.
Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Styles Demo MOD 0.9.9 is vulnerable; other versions may also be affected.
Exploit / POC
An attacker can exploit these issues via a browser. To exploit a cross-site scripting vulnerability, the attacker must entice a victim user to follow a malicious URI.
The following exploit is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Vendor Homepage (ktauber.com)