phpBB is free, open-source, easy-to-use web forum software.
An issue exists in phpBB that allows a remote attacker to manipulate SQL queries in such a way as to gain an administrative account on the affected board.
The problem is caused by improper validation of user-supplied input assigned to certain variables in phpBB. It can be exploited by sending a specially crafted web request in which the affected parameters carry attacker-chosen SQL fragments in place of the expected values.
One consequence of successful exploitation is that the attacker gains access to user information stored by the board.
1. Register an account on a phpBB board version
2. Enter the above URL with the correct sitename and replace l337h4x0r with your username.
3. Click on "Administration Panel" near the bottom of
phpBB contains a flaw that may allow a remote attacker to inject arbitrary SQL. The 'viewemail' and 'lang' variables in the 'prefs.php' script are not properly sanitized before being used in a database query, which may allow a remote attacker to inject or manipulate SQL statements.
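The two descriptions above (the general one near the top and the specific one naming 'viewemail' and 'lang') refer to the same class of flaw: preference fields from the request reaching an UPDATE statement without sanitization, so that a member can rewrite their own row and promote themselves. The following is an added example written for this page, not phpBB's code: it models that pattern beside a hardened version, using Python's sqlite3 as a stand-in for the forum's MySQL backend. The table layout, the user_level column, the language allow-list and the member name l337h4x0r (taken from the steps above) are all assumptions made for the illustration.

```python
import sqlite3

# Constructed sample data (not from phpBB): a throwaway forum "users" table.
# Table and column names are hypothetical stand-ins for a forum's schema.
SCHEMA = """
CREATE TABLE users (
    username   TEXT PRIMARY KEY,
    user_level INTEGER NOT NULL,  -- 0 = ordinary member, 1 = administrator
    viewemail  INTEGER NOT NULL,  -- "show my e-mail address" flag
    lang       TEXT NOT NULL
);
"""
ROWS = [("l337h4x0r", 0, 0, "english"), ("admin", 1, 0, "english")]
ALLOWED_LANGS = {"english", "german", "french"}  # illustrative allow-list


def fresh_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", ROWS)
    return conn


def user_level(conn, username):
    row = conn.execute("SELECT user_level FROM users WHERE username = ?",
                       (username,)).fetchone()
    return row[0]


def update_prefs_vulnerable(conn, username, viewemail, lang):
    """Vulnerable pattern: request values are pasted straight into the UPDATE.

    Same class of flaw as the advisory (unsanitized preference fields reaching
    the query); the code itself is a stand-in, not phpBB's.
    """
    sql = ("UPDATE users SET viewemail = %s, lang = '%s' WHERE username = '%s'"
           % (viewemail, lang, username))
    conn.execute(sql)
    conn.commit()


def update_prefs_hardened(conn, username, viewemail, lang):
    """Hardened pattern: validate the shape, then bind values as parameters."""
    flag = 1 if str(viewemail) in ("1", "on", "true") else 0  # a flag, never raw SQL
    if lang not in ALLOWED_LANGS:
        raise ValueError("unknown language %r" % (lang,))
    conn.execute("UPDATE users SET viewemail = ?, lang = ? WHERE username = ?",
                 (flag, lang, username))
    conn.commit()


# Payload for the quoted 'lang' field: closes the string, adds a SET clause,
# restricts the WHERE to the attacker's own row and comments out the remainder.
INJECTED_LANG = "english', user_level = 1 WHERE username = 'l337h4x0r' -- "
# Payload for the unquoted 'viewemail' field: no quote character is needed,
# and commenting out the WHERE clause hits every row in the table.
INJECTED_VIEWEMAIL = "1, user_level = 1 -- "


def demo():
    """Run each path against a fresh table and report what happened."""
    results = {}

    conn = fresh_db()
    update_prefs_vulnerable(conn, "l337h4x0r", "0", INJECTED_LANG)
    results["vuln_lang"] = user_level(conn, "l337h4x0r")  # 1: self-promoted to admin

    conn = fresh_db()
    update_prefs_vulnerable(conn, "l337h4x0r", INJECTED_VIEWEMAIL, "english")
    results["vuln_viewemail"] = user_level(conn, "l337h4x0r")  # 1
    results["vuln_viewemail_rows_hit"] = conn.execute(
        "SELECT COUNT(*) FROM users WHERE viewemail = 1").fetchone()[0]  # 2: all rows

    conn = fresh_db()
    try:
        update_prefs_hardened(conn, "l337h4x0r", "0", INJECTED_LANG)
        results["hardened_raised"] = False
    except ValueError:
        results["hardened_raised"] = True
    results["hardened_level"] = user_level(conn, "l337h4x0r")  # 0: unchanged

    # Even without the allow-list, a bound parameter is stored as data, not parsed:
    conn = fresh_db()
    conn.execute("UPDATE users SET viewemail = ?, lang = ? WHERE username = ?",
                 (0, INJECTED_LANG, "l337h4x0r"))
    results["bound_level"] = user_level(conn, "l337h4x0r")  # 0
    results["bound_lang_is_literal"] = conn.execute(
        "SELECT lang FROM users WHERE username = ?",
        ("l337h4x0r",)).fetchone()[0] == INJECTED_LANG
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The second payload is worth noting when triaging similar reports: an integer-typed field that is interpolated without quotes is injectable with no quote character at all, so quote-escaping alone (the usual "sanitization" of the period) would not have closed it. Binding parameters addresses both fields; the allow-list on 'lang' is defence in depth.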
Upgrade to version 2.0.7 or higher, which has been reported to fix this vulnerability. An upgrade is required, as there are no known workarounds.