CVE-2003-1244

SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:phpbb_group:phpbb:2.0.0:*:*:*:*:*:*:*
cpe:2.3:a:phpbb_group:phpbb:2.0.1:*:*:*:*:*:*:*
cpe:2.3:a:phpbb_group:phpbb:2.0.2:*:*:*:*:*:*:*

History

20 Nov 2024, 23:46

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html - Exploit, Vendor Advisory () http://archives.neohapsis.com/archives/bugtraq/2003-02/0245.html - Exploit, Vendor Advisory
References () http://www.iss.net/security_center/static/11376.php - Patch () http://www.iss.net/security_center/static/11376.php - Patch
References () http://www.securityfocus.com/bid/6888 - Exploit, Patch () http://www.securityfocus.com/bid/6888 - Exploit, Patch

Information

Published : 2003-12-31 05:00

Updated : 2024-11-20 23:46


NVD link : CVE-2003-1244

Mitre link : CVE-2003-1244

CVE.ORG link : CVE-2003-1244


JSON object : View

Products Affected

phpbb_group

  • phpbb
CWE
CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')