Description: Two vulnerabilities have been reported in phpBB, which can be exploited by malicious people to conduct script insertion attacks and compromise a vulnerable system.
1) Input passed to the "highlight" parameter in "viewtopic.php" is not properly sanitised before being used in a "preg_replace()" call with the "e" modifier. This can be exploited to inject arbitrary PHP code.
NOTE: This is related to an older vulnerability incorrectly fixed in version 2.0.11.
The vulnerability has been reported in version 2.0.15 and prior.
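The class of defect described in 1) is avoided by never evaluating a replacement string and by matching user-supplied terms literally. The following is an added example, not phpBB's code or the vendor's fix: the function names and the "hl" CSS class are hypothetical, and PHP 7.4 or later is assumed.

```php
<?php
// Added example (not phpBB code). Function names and the "hl" class are hypothetical.
// The risky shape is a regex carrying the "e" modifier whose pattern or replacement
// is built from request input, so the replacement is evaluated as PHP code:
//     preg_replace('#...#e', "...", $text);   // "e" was removed in PHP 7.0
// The version below evaluates nothing and treats every user term as a literal.

function build_highlight_pattern(string $highlight, int $maxTerms = 10): ?string
{
    // Split on whitespace, drop empties and duplicates, cap the number of terms.
    $terms = preg_split('/\s+/', $highlight, -1, PREG_SPLIT_NO_EMPTY);
    $terms = array_slice(array_unique($terms), 0, $maxTerms);
    if ($terms === []) {
        return null;
    }
    // preg_quote() escapes regex metacharacters and the chosen delimiter.
    $quoted = array_map(fn(string $t): string => preg_quote($t, '#'), $terms);
    return '#(' . implode('|', $quoted) . ')#iu';
}

function highlight_post(string $postText, string $highlight): string
{
    $escape = fn(string $s): string =>
        htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');

    $pattern = build_highlight_pattern($highlight);
    if ($pattern === null) {
        return $escape($postText);
    }
    // Split the raw text around matches. With a single capture group and
    // PREG_SPLIT_DELIM_CAPTURE, odd indexes hold the matched terms.
    $parts = preg_split($pattern, $postText, -1, PREG_SPLIT_DELIM_CAPTURE);
    if ($parts === false) {
        // Invalid UTF-8 in the text or the terms: fall back to escaped output.
        return $escape($postText);
    }
    $out = '';
    foreach ($parts as $i => $part) {
        // Escape every piece for HTML; only matched pieces get the wrapper.
        $out .= ($i % 2 === 1)
            ? '<span class="hl">' . $escape($part) . '</span>'
            : $escape($part);
    }
    return $out;
}

// Constructed sample input: regex metacharacters and markup in the highlight value.
echo highlight_post('Use preg_replace() with care <b>always</b>', 'preg_replace() <b>'), "\n";
```

Splitting the raw text before escaping keeps a term from matching inside an HTML entity produced by the escaping step.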
2) An input validation error in the avatar section can be exploited by uploading a specially crafted JavaScript file with an image file extension. This allows arbitrary HTML and script code to be executed in a user's browser session, in the context of an affected site, in the Microsoft Internet Explorer browser.
The vulnerability has been reported in version 2.0.15. Prior versions may also be affected.
Provided and/or discovered by: 1) Ron van Daal
2) The vendor credits Xpert
Changelog: 2005-06-28: Updated advisory.
2005-06-29: Ron van Daal released details. Updated "Description" section.
2005-07-29: Vendor released details about another vulnerability. Updated advisory.