{"vuid":"VU#497400","idnumber":"497400","name":"phpBB viewtopic.php fails to properly sanitize input passed to the \"highlight\" parameter","keywords":["phpBB","viewtopic.php","highlight","input sanitization","arbitrary command execution"],"overview":"phpBB contains a user input validation problem with regard to the parsing of the URL. An intruder can deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.","clean_desc":"phpBB is an open-source bulletin board. A lack of input validation on the highlight parameter supplied to viewtopic.php may allow a remote attacker to execute arbitrary commands on a vulnerable server. The problem occurs because phpBB does not scan incoming URLs for malicious content when they are decoded. We have seen reports of exploitation related to this vulnerability.","impact":"A remote attacker may be able to deface a phpBB website, execute arbitrary commands, or gain administrative privileges on a compromised bulletin board.","resolution":"Update\nNote that phpBB version 2.0.11 did not adequately correct this vulnerability.\nThe phpBB Development Team has released phpBB version 2.0.16 to fully correct this issue.","workarounds":"","sysaffected":"","thanks":"This vulnerability was reported by the phpBB Development Team.","author":"This document was written by Jeff Gennari.","public":["http://secunia.com/advisories/13239/","http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240636","http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=240513"],"cveids":[""],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2004-11-23T14:13:47Z","publicdate":"2004-11-19T00:00:00Z","datefirstpublished":"2004-12-21T20:39:45Z","dateupdated":"2005-06-29T19:03:47Z","revision":34,"vrda_d1_directreport":"","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"20","cam_exploitation":"17","cam_internetinfrastructure":"8","cam_population":"10","cam_impact":"15","cam_easeofexploitation":"15","cam_attackeraccessrequired":"20","cam_scorecurrent":"37.96875","cam_scorecurrentwidelyknown":"37.96875","cam_scorecurrentwidelyknownexploited":"40.5","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":37.96875,"vulnote":null}