Yep, it seems that there is another vulnerability in the most popular online forum script, phpBB. Not even news worthy, seeing as the script’s 15 minutes of fame have long passed, and this is but another bullet in a long-since bullet-riddled history, but nevertheless, here is another one.
But if this isn’t news worthy, you’re probably wondering why I’m bothering to post about it? Good question, and here are two answers that should provide reason enough…
- NeoSmart Technologies is the original finder of these security holes;
- This may come in conjunction with a IPB 0-Day vulnerability… which is a bit more interesting, and makes it possible for me to post about the phpBB hole.
That said, our team is hard at work verifying the vulnerablities, and you should hear from us before the end of the day. There is most certainly a phpBB vulnerablity, and the same may exist in IPB, but we’re not 100% certain yet.
Please see the forum entry for more details about the phpBB, IPB, and vBulletin bugs. There is a security bulletin up for download, and we urge all phpBB users to follow our suggested workaround immediately!