FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

Critical SQL injection in phpBB

Affected packages
phpbb <= 2.0.8

Details

VuXML ID 70f5b3c6-80f0-11d8-9645-0020ed76ef5a
Discovery 2004-03-26
Entry 2004-03-28

Anyone can get admin's username and password's md5 hash via a single web request. A working example is provided in the advisory.

References

Bugtraq ID 9984
Message http://marc.theaimsgroup.com/?l=bugtraq&m=108032454818873