FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

phpbb -- Insuffient check against HTML code in usercp_register.php

Affected packages
phpbb <= 2.0.13


VuXML ID 4a0b334d-8d8d-11d9-afa0-003048705d5a
Discovery 2005-02-28
Entry 2005-03-05
Modified 2005-03-07

Neo Security Team reports:

If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature.

This is a low risk vulnerability that allows users to bypass forum-wide configuration.


Message 38599.