Don't know if our version includes this module...

------------------------------

Description:
sNKenjoi has reported two vulnerabilities in the phpbb-Auction module for phpBB, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "u" parameter in "auction_rating.php" and the "ar" parameter in "auction_offer.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

It is also possible to disclose the full path to "auction_myauctions.php" via an invalid value for the "mode" parameter.

The vulnerabilities have been reported in version 1.2m and prior. Other versions may also be affected.

Solution:
Edit the source code to ensure that input is properly sanitised.

Our phpBB is pure phpBB, no module (nor salt) added.