phpBB SQL Injection Vulnerability
Date: Friday, November 28 @ 16:18:41 CET
Topic: Security


A vulnerability has been reported in phpBB, which can be exploited by malicious people to inject arbitrary SQL code.

The problem is that the "search_id" parameter in "search.php" isn't properly validated, allowing malicious people to supply characters that can be used to manipulate the SQL query.

The vulnerability has been reported in version 2.06. Prior versions may also be affected.

Solution:
A solution has been posted at the phpBB site:
http://www.phpbb.com/phpBB/viewtopic.php?t=153818
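
The class of flaw described above (a request parameter reaching the SQL text unvalidated) is closed by accepting only a numeric id and binding it as a query parameter. The PHP below is an added example, not phpBB's code and not the fix posted at the link above; the table, column and function names are hypothetical and the data is constructed.

```php
<?php
// Added illustration, not phpBB source. Table, column and function names are hypothetical.
// Constructed sample data in an in-memory SQLite database (requires pdo_sqlite).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE search_results (search_id INTEGER PRIMARY KEY, search_array TEXT)');
$db->exec("INSERT INTO search_results VALUES (101, 'cached result set A')");

// Unsafe pattern, shown for contrast and never executed here: the request
// value becomes part of the SQL text, so its characters are parsed as SQL.
function build_query_unsafe(string $search_id): string
{
    return "SELECT search_array FROM search_results WHERE search_id = $search_id";
}

// Layer 1: accept only a short run of decimal digits. The /D modifier stops
// "$" from matching before a trailing newline; arrays (search_id[]=...) fail
// the is_string() check; the length limit keeps the cast within integer range.
function parse_search_id($raw): ?int
{
    if (!is_string($raw) || preg_match('/^[0-9]{1,9}$/D', $raw) !== 1) {
        return null;
    }
    return (int) $raw;
}

// Layer 2: bind the validated value, so it is always sent as data and never
// as part of the statement text.
function load_search(PDO $db, int $id): ?string
{
    $stmt = $db->prepare('SELECT search_array FROM search_results WHERE search_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $value = $stmt->fetchColumn();
    return $value === false ? null : (string) $value;
}

// Constructed inputs: valid id, unknown id, trailing newline, non-numeric, array.
foreach (['101', '999', "101\n", '101 OR 1=1', ['101']] as $raw) {
    $id = parse_search_id($raw);
    if ($id === null) {
        echo json_encode($raw), " => rejected before any query is built\n";
        continue;
    }
    echo json_encode($raw), ' => ', load_search($db, $id) ?? 'no such search', "\n";
}
```

Either layer alone stops the non-numeric input; using both keeps the query safe if the validation is later loosened or bypassed by another code path.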





This article comes from NukeCops
http://www.nukecops.com

The URL for this story is:
http://www.nukecops.com/modules.php?name=News&file=article&sid=1047