Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-1244SQL Injection in Group Phpbb

CWE-89SQL Injection3 documents3 sources
Severity
7.5HIGHNVD
EPSS
2.0%
top 16.39%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Phpbb Group Phpbb
Timeline
PublishedDec 31
Latest updateApr 29

Description

SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and 2.0.2 allows remote attackers to brute force user passwords and possibly gain unauthorized access to forums via the forum_id parameter to index.php.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

NVDphpbb_group/phpbb2.0.0, 2.0.1, 2.0.2+2

Patches

Patch: www.iss.netPatch: www.securityfocus.comPatch: www.iss.net

🔴Vulnerability Details

1
GHSA
GHSA-jwcv-v5fq-fx8v: SQL injection vulnerability in page_header2022-04-29

💥Exploits & PoCs

1
Exploit-DB
PHPBB2 - 'Page_Header.php' SQL Injection2003-02-19