Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
Published:		06.05.2006
Source:
SecurityVulns ID:		6096
Type:		remote
Level:		5/10
Description:		PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.

Affected:		PHPBB : phpBB 2.0
		CUREPHP : CuteNews 1.4
		SAPHPLESSON : SaphpLesson 3.0
		ALBINATOR : Albinator 2.0
		EVOARTICLES : evoArticles 2.0
CVE:		CVE-2006-2220 (phpBB 2.0.20 does not properly verify user-specified input variables used as limits to SQL queries, which allows remote attackers to obtain sensitive information via a negative LIMIT specification, as demonstrated by the start parameter to memberlist.php, which reveals the SQL query in the resulting error message.)
		CVE-2006-2219 (phpBB 2.0.20 does not verify user-specified input variable types before being passed to type-dependent functions, which allows remote attackers to obtain sensitive information, as demonstrated by the (1) mode parameter to memberlist.php and the (2) highlight parameter to viewtopic.php that are used as an argument to the htmlspecialchars or urlencode functions, which displays the installation path in the resulting error message.)

Original document		SECUNIA, [SA19952] Albinator File Inclusion and Cross-Site Scripting Vulnerabilities (06.05.2006)
		Maksymilian Arciemowicz, [Full-disclosure] phpBB 2.0.20 Full Path Disclosure and SQL Errors (06.05.2006)
		o.y.6_(at)_hotmail.com, Invision Community Blog .. Bugs (06.05.2006)
		Mster-X_(at)_hotmail.com, CuteNews 1.4.1 Multiple vulnerabilities (06.05.2006)
		Mster-X_(at)_hotmail.com, modules name(Downloads)SQL Injection Exploit (06.05.2006)
		Mster-X_(at)_hotmail.com, modules name(Sections)SQL Injection Exploit (06.05.2006)
		Cyber Lords, SQL-Injection in evoArticles (06.05.2006)

Files:		Exploits phpBB auction mod - Remote File Inclusion Vuln
		Statit V4 Remote File Inclusion exploit
Discuss:		Read or add your comments to this news (0 comments)