Gravità: : Critico
  Data notifica: 04 febbraio 2011

  Descrizione

A Remote Command Execution vulnerability has been found in phpBB version 2.0.10 and below. Inputs to several HTTP requests are not validated by this script. Once this vulnerability is successfully exploited, a remote malicious user can view the content of arbitrary files on the system with the privileges of the Web server.
phpBB is an open source bulletin board system.

  Informazioni esposizione:

Download the latest NVW pattern file from this site:
http://www.trendmicro.com/download/product.asp?productid=45

  Software e versione interessati:

  • phpBB version 2.0.10 and below