Check Point Advisories

Update Protection against phpBB and PHPGedView Remote Execution Vulnerabilities

Check Point Reference: CPAI-2006-005
Date Published: 24 Jan 2006
Severity: Medium
Last Updated: 8 May 2007
Source: SANS
Security Tracker Alert ID: 1015395
Industry Reference:CVE-2005-4468
Protection Provided by:
Who is Vulnerable? phpBB version 2.0.17 and prior
PhpGedView 2.x and 3.x
Vulnerability Description

phpBB is a widely used bulletin board software package. PhpGedView is a genealogy program which allows for genealogy viewing and editing on the Web. Several vulnerabilities reported in phpBB and in PhpGedView could allow an attacker to execute arbitrary PHP code.

Vulnerability DetailsPhpGedView vulneravility: The 'help_text_vars.php' script does not properly validate user-supplied input in the 'PGV_BASE_DIRECTORY' parameter. A remote attacker can supply a specially crafted URL to execute arbitrary code on the target system. 

phpBB vulnerability: Input passed to the "phpbb_root_path" parameter in "admin_styles.php" is not properly sanitized prior to being used to include files. This can be exploited to include arbitrary files from external resources.

Protection Overview