VULHUB ™

An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of a variable in the 'bb_profile.php' script included in the package. It may be possible for users registered with the phpBB system to manipulate SQL queries performed by the script and gain access to the package's administrative features. One consequence of successful exploitation is that the attacker will be privy to user information.

An input validation error exists in phpBB, a freely available WWW forums package. The problem is due to improper validation of a variable in the 'bb_profile.php' script included in the package. It may be possible for users registered with the phpBB system to manipulate SQL queries performed by the script and gain access to the package's administrative features. One consequence of successful exploitation is that the attacker will be privy to user information.