Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2002-2176 — SQL Injection in Group Phpbb

3 documents3 sources

Severity

10.0CRITICALNVD

EPSS

0.7%

top 28.25%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Phpbb Group Phpbb

Timeline

PublishedDec 31

Latest updateApr 30

Description

SQL injection vulnerability in Gender MOD 1.1.3 allows remote attackers to gain administrative access via the user_level parameter in the User Profile page.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDphpbb_group/phpbb2.0.0, 2.0.1+1

Patches

Patch: www.iss.net ↗Patch: www.securityfocus.com ↗Patch: www.iss.net ↗

🔴Vulnerability Details

GHSA

GHSA-rhj3-93x7-f829: SQL injection vulnerability in Gender MOD 1↗2022-04-30

▶

💥Exploits & PoCs

Exploit-DB

phpBB2 Gender Mod 1.1.3 - SQL Injection↗2002-07-29

▶