vendor:
phpBB
by:
Axl
7.5
CVSS
HIGH
Remote Code Execution
89
CWE
Product Name: phpBB
Affected Version From: 2.0.0
Affected Version To: 2.0.33
Patch Exists: NO
Related CWE: CVE-2005-1377
CPE: a:phpbb_group:phpbb:2.0.0
Platforms Tested:
2005
Calendar Pro Mod for phpBB Exploit
This Perl script exploits a vulnerability in the 'Calendar Pro' Mod for phpBB version 2.0.33 and below. By sending a specially crafted request to the cal_view_month.php script, an attacker can execute arbitrary SQL queries and retrieve the MD5 hash of a user's password.
Mitigation:
Upgrade to a newer version of the 'Calendar Pro' Mod for phpBB.