FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Critical SQL injection in phpBB

Affected packages
		phpbb	<=	2.0.8

Details

VuXML ID	70f5b3c6-80f0-11d8-9645-0020ed76ef5a
Discovery	2004-03-26
Entry	2004-03-28

Anyone can get admin's username and password's md5 hash via a single web request. A working example is provided in the advisory.

References

Bugtraq ID	9984
Message	http://marc.theaimsgroup.com/?l=bugtraq&m=108032454818873

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.