Test Kennung:	1.3.6.1.4.1.25623.1.0.112571
Kategorie:	Web application abuses
Titel:	phpBB < 3.2.6 Multiple Vulnerabilities
Zusammenfassung:	phpBB is prone to multiple vulnerabilities.
Beschreibung:	Summary: phpBB is prone to multiple vulnerabilities. Vulnerability Insight: The following vulnerabilities exist: - Successful exploitation generates a slow SQL query which causes the database engine used by phpBB to consume all available CPU resources. Depending upon the database engine, users will also be completely unable to create or modify posts due to locks on the search index tables. The slowness of the query depends on the size of the search_wordlist and search_wordmatch tables (CVE-2019-9826). - Server side request forgery (SSRF) allows checking for the existence of files and services on the local network of the host through the remote avatar upload function (CVE-2019-11767). Vulnerability Impact: Successful exploitation would allow an attacker to trigger a denial of service attack via the keywords URL parameter of search.php and to check for the existence of files and services. Affected Software/OS: phpBB versions before 3.2.6. Solution: Update to version 3.2.6 or later. CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2019-9826 https://lists.debian.org/debian-lts-announce/2019/05/msg00004.html http://www.openwall.com/lists/oss-security/2019/04/29/3
Copyright	Copyright (C) 2019 Greenbone Networks GmbH

Dies ist nur einer von 99761 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus. Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.