FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- Insufficient check against HTML code in usercp_register.php

Affected packages
phpbb <= 2.0.13

Details

VuXML ID 4a0b334d-8d8d-11d9-afa0-003048705d5a
Discovery 2005-02-28
Entry 2005-03-05
Modified 2005-03-07

Neo Security Team reports:

If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature.

This is a low risk vulnerability that allows users to bypass forum-wide configuration.
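
The flaw class described in the report above, request fields overriding forum-wide settings, shown beside a server-side check that lets the board setting win. This is an added example, not phpBB's code and not part of the advisory; the function names, the `$boardConfig` keys and the sample values are assumptions made for illustration.

```php
<?php
// Added illustration, not phpBB source. Function names and the
// $boardConfig keys are hypothetical; sample data is constructed.

// Form field name => board-wide setting that is supposed to govern it.
const FORMAT_FLAGS = [
    'allowhtml'    => 'allow_html',
    'allowbbcode'  => 'allow_bbcode',
    'allowsmilies' => 'allow_smilies',
];

// Flawed pattern: if the request carries the field, its value replaces
// the board-wide setting instead of being limited by it.
function flags_trusting_request(array $post, array $boardConfig): array
{
    $flags = [];
    foreach (FORMAT_FLAGS as $field => $configKey) {
        $flags[$field] = isset($post[$field])
            ? (bool) $post[$field]
            : (bool) $boardConfig[$configKey];
    }
    return $flags;
}

// Hardened pattern: the request may only narrow what the board allows.
// A feature disabled board-wide stays disabled whatever the form sends.
function flags_enforcing_board(array $post, array $boardConfig): array
{
    $flags = [];
    foreach (FORMAT_FLAGS as $field => $configKey) {
        $boardAllows = !empty($boardConfig[$configKey]);
        $userWants   = isset($post[$field]) ? (bool) $post[$field] : $boardAllows;
        $flags[$field] = $boardAllows && $userWants;
    }
    return $flags;
}

// Constructed sample: the board disables HTML and smilies, but the
// submitted profile form carries extra fields with those names.
$boardConfig = ['allow_html' => 0, 'allow_bbcode' => 1, 'allow_smilies' => 0];
$post = ['signature' => 'hello', 'allowhtml' => '1', 'allowsmilies' => '1'];

var_dump(flags_trusting_request($post, $boardConfig));
var_dump(flags_enforcing_board($post, $boardConfig));
```

The same comparison works as a regression test: any flag that comes back enabled while its board-wide setting is off indicates that request data is being trusted over configuration.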

References

Message 20050303055339.3109.qmail@www.securityfocus.com
Message 38599.166.68.134.174.1109875231.squirrel@166.68.134.174