PHPBB Image Tag User-Embedded...

Published: 2002-03-27
Revised: 2025-04-13

phpBB is free, open-source web forum software written in PHP that uses MySQL as its back end. It runs on most Unix and Linux variants, as well as Microsoft Windows operating systems. phpBB allows forum users to post images in messages: to post an image, a user includes a link to the image inside [img] tags. However, phpBB does not adequately filter script code from image tags, making it prone to injection of arbitrary attacker-supplied script code. An attacker may exploit this issue to steal cookie-based authentication credentials from legitimate users of the forum software. An attempt was made to address this issue in version 1.4.4. However, script code was only filtered from image tags when a new post was created; an attacker may still go back and edit a post to include malicious image tags containing script code. phpBB2 releases are reportedly not affected by this issue.
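The edit-path gap described above comes from filtering on only one write path. As an added example (not phpBB code; the function names and sample posts are hypothetical), this PHP code validates [img] URLs when a post is rendered, so the same check applies whether the post was newly created or later edited:

```php
<?php
declare(strict_types=1);

// Added example: hypothetical helper names, not taken from phpBB.
/** Return true only for plain http(s) URLs with no markup-breaking characters. */
function is_safe_img_url(string $url): bool
{
    // Reject whitespace, control characters, quotes and angle brackets outright.
    if ($url === '' || preg_match('/[\x00-\x20\x7f"\'<>`]/', $url)) {
        return false;
    }
    $parts = parse_url($url);
    if ($parts === false || empty($parts['host'])) {
        return false;
    }
    // Allowlist the scheme; every other scheme is refused.
    return in_array(strtolower($parts['scheme'] ?? ''), ['http', 'https'], true);
}

/** Convert [img] tags to HTML; tags that fail validation stay as inert text. */
function render_post_body(string $raw): string
{
    // Escape everything first so no user-supplied markup survives.
    $escaped = htmlspecialchars($raw, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return preg_replace_callback(
        '#\[img\](.*?)\[/img\]#is',
        static function (array $m): string {
            $url = htmlspecialchars_decode($m[1], ENT_QUOTES);
            if (!is_safe_img_url($url)) {
                return $m[0]; // already escaped, shown as literal text
            }
            return '<img src="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '" alt="">';
        },
        $escaped
    ) ?? $escaped;
}

// Constructed sample: a post as first created, then as later edited.
$created = 'Look: [img]https://example.test/cat.png[/img]';
$edited  = 'Look: [img]javascript:void(0)[/img]';
foreach ([$created, $edited] as $body) {
    echo render_post_body($body), PHP_EOL;
}
```

Because the stored text is treated as untrusted on every render, a filter that was skipped or missing on the edit handler cannot turn into markup in the page.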

No exploit or PoC currently available
There are currently 0 affected product entries