Published: 20/04/2006 Updated: 18/10/2018

CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8

VMScore: 534

Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Unspecified vulnerability in phpBB allows remote authenticated users with Administration Panel access to execute arbitrary PHP code via crafted Font Colour 3 ($theme[fontcolor3] variable) and/or signature values, possibly involving the highlight functionality. NOTE: the original report does not clarify whether this issue is static code injection, eval injection, or another type of vulnerability.

Vulnerable Product	Search on Vulmon	Subscribe to Product
phpbb group phpbb

It was discovered that phpbb2, a web based bulletin board, does insufficiently sanitise values passed to the "Font Colour 3" setting, which might lead to the execution of injected code by admin users The old stable distribution (woody) does not contain phpbb2 packages For the stable distribution (sarge) this problem has been fixed in version 20 ...

CWE-94 http://www.debian.org/security/2006/dsa-1066 http://secunia.com/advisories/20197 http://secunia.com/advisories/20093 http://securityreason.com/securityalert/715 http://securityreason.com/securityalert/762 https://exchange.xforce.ibmcloud.com/vulnerabilities/25889 http://www.securityfocus.com/archive/1/431387/100/0/threaded http://www.securityfocus.com/archive/1/431015/100/0/threaded https://nvd.nist.gov https://www.debian.org/security/./dsa-1066

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2006-1896

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect