Summary: | www-apps/phpBB Possible several issues | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Sune Kloppenborg Jeppesen (RETIRED) <jaervosz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED WONTFIX | ||
Severity: | trivial | CC: | grimmlin, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://archives.neohapsis.com/archives/fulldisclosure/2005-12/0829.html | ||
Whiteboard: | ~4 [?] | ||
Package list: | | Runtime testing required: | --- |
Description
Sune Kloppenborg Jeppesen (RETIRED)
2005-12-17 23:11:44 UTC
Our forums aren't affected by this as we have both HTML and register_globals switched off.

This looks very limited.

- XSS if Allowed HTML tags is set to "ON"
- Path disclosure if PHP has register_globals = On and display_errors = On

Those are non-standard settings... Closing this one, feel free to reopen if phpBB releases a new version.

*** Bug 117560 has been marked as a duplicate of this bug. ***

2.0.19 is out, if you want to revisit this.

Well, phpBB is still security-masked as a semi-permanent security PITA so no, I don't want to revisit this. However www-apps can still bump it to 2.0.19 if they want to, since lots of users security_unmask the thing and accept the risk.

2.0.19 in CVS, just FYI