Certain forms in phpBB before 2.0.22 lack session checks, which has unknown impact and remote attack vectors.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Phpbb | Phpbb_group | 1.2.4_rc3 (including) | 1.2.4_rc3 (including) |
| Phpbb | Phpbb_group | 2.0.18 (including) | 2.0.18 (including) |
| Phpbb | Phpbb_group | 2.0.20 (including) | 2.0.20 (including) |
| Phpbb | Phpbb_group | 2.0.21 (including) | 2.0.21 (including) |
| Phpbb2 | Ubuntu | dapper | * |
| Phpbb2 | Ubuntu | edgy | * |
| Phpbb2 | Ubuntu | feisty | * |
| Phpbb2 | Ubuntu | gutsy | * |
| Phpbb2 | Ubuntu | hardy | * |
| Phpbb2 | Ubuntu | intrepid | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980
- http://secunia.com/advisories/28871
- http://www.debian.org/security/2008/dsa-1488
- http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624
- http://www.securityfocus.com/bid/21806
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=405980
- http://secunia.com/advisories/28871
- http://www.debian.org/security/2008/dsa-1488
- http://www.phpbb.com/phpBB/viewtopic.php?f=14\u0026t=489624
- http://www.securityfocus.com/bid/21806