phpBB is reported to contain multiple unspecified SQL injection vulnerabilities. One vulnerability is reported to exist in 'admin_board.php'. The other pertains to improper characters in the session id variable. These issues are due to a failure of the application to properly sanitize user-supplied URI parameters before using them to construct SQL queries issued to the underlying database. Version 2.0.9 has been released, addressing these and other issues. This BID will be updated when further information is known.