| Vulnerability Name: | CVE-2003-1244 (CCN-11376) | ||||||||
| Assigned: | 2003-02-20 | ||||||||
| Published: | 2003-02-20 | ||||||||
| Updated: | 2008-09-05 | ||||||||
| Summary: | SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php. | ||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||
| CVSS v2 Severity: | 7.5 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P)
| ||||||||
| Vulnerability Type: | CWE-89 | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: BUGTRAQ Type: Exploit, Vendor Advisory 20030220 phpBB Security Bugs Source: CCN Type: BugTraq Mailing List, Thu Feb 20 2003 - 14:37:25 CST phpBB Security Bugs Source: MITRE Type: CNA CVE-2003-1244 Source: XF Type: Patch phpbb-pageheader-sql-injection(11376) Source: CCN Type: OSVDB ID: 37035 phpBB page_header.php user_id Parameter SQL Injection Source: CCN Type: phpBB Web site phpBB:: Creating Communities Source: BID Type: Exploit, Patch 6888 Source: CCN Type: BID-6888 PHPBB2 Page_Header.PHP SQL Injection Vulnerability Source: XF Type: UNKNOWN phpbb-pageheader-sql-injection(11376) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||