phpBB Spider Friendly Module Vulnerability reported

Secunia Advisories reports that Kacper has found a vulnerability in the Spider Friendly module for phpBB

The vulnerability is reported in version 1.3.10 of the module, with the possibility that other versions may also be affected.

It is reported to be Highly Critical.

Input passed to the “phpbb_root_path” parameter in admin/modules_data.php is not properly verified before being used to include files. This can be exploited to include arbitrary files from local or external resources.

A solution as of now is to edit the source code to ensure that the parameter is properly verified.

Advertisements

1 thought on “phpBB Spider Friendly Module Vulnerability reported”

  1. Hi Folks!

    Just wanted to share my new experience.

    If your Windows XP denies to run due to an error corresponding to lost HAL.DLL, invalid Boot.ini or any other important system boot files you can fix this by using the XP installation CD. Just boot from your XP Setup CD and enter the Recovery Console. Then run \”attrib -H -R -S\” on the C:Boot.ini file and remove it. Run \”Bootcfg /Rebuild\” and then Fixboot

    Regards,
    Carl

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.