PHPBB Auth.PHP文件泄漏漏洞

漏洞信息详情

PHPBB Auth.PHP文件泄漏漏洞

• CNNVD编号：CNNVD-200312-455
• 危害等级： 中危
  
  
• CVE编号：
  CVE-2003-1373
  
• 漏洞类型：
  
  
  路径遍历
  
• 发布时间：
  
  2003-12-31
  
• 威胁类型：
  
  
  远程
  
• 更新时间：
  
  2003-12-31
  
• 厂        商：
  
  phpbb_group
• 漏洞来源：
  Discovery of this …

PhpBB 1.4.0至1.4.4版本的auth.php存在目录遍历漏洞。远程攻击者可以借助后跟CGI参数的空（\\%00）字符的..(dot dot)序列读取并包含任意文件，正如prefs.php使用lang参数。

It has been reported that the vendor will not be releasing fixes for phpBB 1.4.x. Users are advised to upgrade to phpBB2, which is actively supported by the vendor.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: vuldb@securityfocus.com .
@securityfocus.com>

来源: XF
名称: phpbb-auth-read-files(11407)
链接:http://xforce.iss.net/xforce/xfdb/11407

来源: BID
名称: 6889
链接:http://www.securityfocus.com/bid/6889

来源: BUGTRAQ
名称: 20030220 phpBB Security Bugs
链接:http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html