Affected Systems:
phpBB Group Chart Mod 1.1
Description:
--------------------------------------------------------------------------------
Bugtraq id: 17952
phpBB is a widely used, web-based open source forum program implemented in PHP. It supports multiple database backends, such as Oracle, MSSQL, MySQL, and ipvs.
Multiple cross-site scripting and SQL injection vulnerabilities exist in the Chart module of phpBB. Remote attackers can exploit these vulnerabilities to perform multiple malicious operations on clients or servers.
<* Source: sn4k3.23 (sn4k3.23@gmail.com)
Link: http://marc.theaimsgroup.com/?l=bugtraq&m=114738681522741&w=2
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
phpBB Group
-----------
The vendor does not currently provide a patch or upgrade. Users of the software should watch the vendor's homepage for the latest version:
http://www.phpbb.com/